Microsoft Windows Distributed File System Memory Corruption Vulnerability
RISK: High Risk
TYPE: Operating Systems - Windows OS
DFS Memory Corruption Vulnerability
An unauthenticated remote code execution vulnerability exists in the way that the Distributed File System (DFS) client parses specially crafted DFS responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
DFS Referral Response Vulnerability
A denial of service vulnerability exists in the way that Microsoft Distributed File System (DFS) handles specially crafted DFS referral responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx
Vulnerability Identifier
Source
Related Link
Share with