DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Microsoft
  • Windows 2003 Server
  • Windows 7
  • Windows Server 2003
  • Windows Server 2008
  • Windows Vista
  • Windows Xp

Configuration 1 [-]

OR cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

No data.

References
Link Providers
http://osvdb.org/71780 cve-icon cve-icon
http://secunia.com/advisories/44161 cve-icon cve-icon
http://www.securityfocus.com/bid/47242 cve-icon cve-icon
http://www.securitytracker.com/id?1025332 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA11-102A.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0948 cve-icon cve-icon
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-030 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11902 cve-icon cve-icon
History

Thu, 17 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2024-10-17T19:59:59.425Z

Reserved: 2011-01-28T00:00:00

Link: CVE-2011-0657

cve-icon Vulnrichment

Updated: 2024-08-06T21:58:26.023Z

cve-icon NVD

Status : Modified

Published: 2011-04-13T18:55:01.390

Modified: 2024-11-21T01:24:33.443

Link: CVE-2011-0657

cve-icon Redhat

No data.