Overview
A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service.
Description
Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a vulnerability when processing a continuous flow of specially crafted UDP packets, which results in an integer overflow. |
Impact
Microsoft Security Bulletin MS11-083 states: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Solution
Apply an update |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
Thanks to Microsoft Security Response Center for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
CVE IDs: | CVE-2011-2013 |
Severity Metric: | 20.66 |
Date Public: | 2011-11-08 |
Date First Published: | 2011-11-08 |
Date Last Updated: | 2011-11-08 20:55 UTC |
Document Revision: | 7 |