CVE-2011-1268 — Improper Input Validation in Microsoft Windows Server 2008

CWE-20 — Improper Input Validation2 documents2 sources

Severity

10.0CRITICALNVD

EPSS

35.1%

top 2.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008

Timeline

PublishedJun 16

Latest updateMay 13

Description

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-gqhv-w9p9-ffqf: The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1,↗2022-05-13

▶