CVE-2011-0045

high

Description

The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11996

https://exchange.xforce.ibmcloud.com/vulnerabilities/64926

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011

http://www.zerodayinitiative.com/advisories/ZDI-11-064

http://www.vupen.com/english/advisories/2011/0324

http://www.securitytracker.com/id?1025046

http://www.securityfocus.com/bid/46136

http://www.securityfocus.com/archive/1/516276/100/0/threaded

http://support.avaya.com/css/P8/documents/100127248

http://securityreason.com/securityalert/8110

http://osvdb.org/70823

Details

Source: Mitre, NVD

Published: 2011-02-09

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High