Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1965 — Microsoft Windows Server 2008 vulnerability

CWE-3993 documents3 sources

Severity

7.1HIGHNVD

EPSS

67.1%

top 1.44%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Server 2008

Timeline

PublishedAug 10

Latest updateMay 13

Description

Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-3953-5jrj-v3rr: Tcpip↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - TCP/IP Stack Denial of Service (MS11-064)↗2011-10-15

▶