CVE-2011-2016 — Heap-based Buffer Overflow in Microsoft Windows Server 2008

CWE-122 — Heap-based Buffer Overflow CWE-311 — Missing Encryption of Sensitive Data19 documents11 sources

Severity

7.3HIGHNVD

EPSS

15.0%

top 5.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hackerone Webdriver-launcher Node Module Microsoft Windows Server 2008 Drupal Phpmailer 3RD Party Library +10 more

Timeline

PublishedNov 8

Latest updateMay 13

Description

Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages13 packages

▶NVDmicrosoft/windowsr2

▶drupaldrupal/phpmailer_3rd_party_library

▶msrcmsrc/word_automation_services_on_microsoft_sharepoint_server_2013_service_pack_1

▶msrcmsrc/microsoft_word_for_mac_2011

▶msrcmsrc/microsoft_excel_for_mac_2011

🔴Vulnerability Details

GHSA

GHSA-p967-942c-4563: Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,↗2022-05-13

▶

GHSA

Downloads Resources over HTTP in webdriver-launcher↗2019-02-18

▶

Kernel

namei: allow restricted O_CREAT of FIFOs and regular files↗2018-08-23

▶

GHSA

Downloads Resources over HTTP in jstestdriver↗2018-08-15

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)↗2016-10-24

▶

Exploit-DB

Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)↗2016-10-18

▶

Metasploit

AF_PACKET chocobo_root Privilege Escalation↗

▶

📋Vendor Advisories

Microsoft

Microsoft Outlook for Mac Spoofing Vulnerability↗2017-06-13

▶

Drupal

PHPmailer 3rd party library - PSA-2016-004↗2016-12-26

▶

Red Hat

jasper: heap buffer overflow in jpc_dec_cp_setfromcox() (rejected duplicate of CVE-2011-4516)↗2016-10-17

▶

Red Hat

jasper: insufficient memory allocation in jpc_crg_getparms() (rejected duplicate of CVE-2011-4517)↗2016-10-17

▶

🕵️Threat Intelligence

Zscaler

Zscaler Provides Protection for MS’s Nov 2011 Patch Cycle↗

▶

💬Community

Bugzilla

CVE-2011-2715 drupal: SQL injection due to insufficient sanitization of table names or column names↗2020-02-06

▶

Bugzilla

CVE-2011-2714 drupal: XSS due to insufficient sanitization of table descriptions, field names, or labels before display↗2020-01-28

▶

Bugzilla

CVE-2011-5326 imlib2: divide by zero on 2x1 ellipse↗2016-04-01

▶