CVE-2011-0657
Published 2011-04-13
Priority: P279 · Critical · 9.8 (CVSS 3.1)
EXPLOIT
EPSS: 63.33% (99.1th percentile)
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
Detection & IOCs (extracted from sources)
- Monitor for malformed LLMNR broadcast queries containing a leading '.' character on the network, which may indicate exploitation attempts against DNSAPI.dll.
- Look for stack exhaustion or stack memory corruption symptoms in processes loading DNSAPI.dll, particularly on Windows Vista and later systems without KB2509553 applied.
- Detection should cover both network-based LLMNR query inspection and local crafted application vectors, as the vulnerability can be triggered via either attack surface.
- The Metasploit DoS module may not reliably crash the target in all cases: a '.' character may be encountered before the top of the stack is reached, preventing a crash.
- Code execution via this vulnerability had not been proven possible at the time of the module's writing; confirmed impact at that time was limited to DoS (stack exhaustion/corruption).
CVSS provenance
NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
No detection rules found.
Exploit-DB
7-Technologies IGSS 9 - Data Server/Collector Packet Handling (Metasploit)
exploitdb·2011-05-30
CVE-2013-0657 7-Technologies IGSS 9 - Data Server/Collector Packet Handling (Metasploit)
```ruby
##
# $Id: igss9_misc.rb 12779 2011-05-31 14:33:19Z swtornio $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  # (the lines between the class declaration and 'Name' are not present in the page extract)
  'Name' => "7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities",
  'Description' => %q{
    This module exploits multiple vulnerabilities found on IGSS 9's Data Server and
    Data Collector services. The initial approach is first by transferring our binary
    with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then send
    an EXE packe
```
Metasploit
Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
metasploit
This module exploits a buffer underrun vulnerability in Microsoft's DNSAPI.dll as distributed with Windows Vista and later without KB2509553. By sending a specially crafted LLMNR query, containing a leading '.' character, an attacker can trigger stack exhaustion or potentially cause stack memory corruption. Although this vulnerability may lead to code execution, it has not been proven to be possible at the time of this writing. NOTE: In some circumstances, a '.' may be found before the top of the stack is reached. In these cases, this module may not be able to cause a crash.
No writeups or analysis indexed.
References
- http://osvdb.org/71780
- http://secunia.com/advisories/44161
- http://www.securityfocus.com/bid/47242
- http://www.securitytracker.com/id?1025332
- http://www.us-cert.gov/cas/techalerts/TA11-102A.html
- http://www.vupen.com/english/advisories/2011/0948
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-030
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11902