CVE-2011-0086: Input Validation
First published: Wed Feb 09 2011(Updated: )
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/43255
- http://www.vupen.com/english/advisories/2011/0325
- http://www.securityfocus.com/bid/46141
- http://osvdb.org/70818
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12070
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-012
Frequently Asked Questions
What is the severity of CVE-2011-0086?
CVE-2011-0086 is considered a critical vulnerability that allows local users to gain elevated privileges.
How do I fix CVE-2011-0086?
To fix CVE-2011-0086, apply the latest security patches provided by Microsoft for the affected Windows versions.
Which Windows versions are affected by CVE-2011-0086?
CVE-2011-0086 affects Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows 7, and Windows Server 2003 and 2008 under specified service packs.
What type of attack can exploit CVE-2011-0086?
CVE-2011-0086 can be exploited through crafted applications that manipulate user-mode input to gain system privileges.
Is CVE-2011-0086 actively being exploited?
There have been reports of CVE-2011-0086 being exploited in the wild, making it essential to address this vulnerability promptly.
- agent/type
- agent/references
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft windows vista
- canonical/microsoft windows server 2008
- canonical/microsoft windows xp
- canonical/microsoft windows 7
- canonical/microsoft windows server 2003
- canonical/microsoft windows 2003 server
- collector/nvd-index
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- version/microsoft windows xp/sp3
- version/microsoft windows xp/sp2