| CVE ID | CVE-2011-0045 |
| CVSS SCORE | 6.8, AV:L/AC:L/Au:S/C:C/I:C/A:C |
| AFFECTED VENDORS |
Microsoft |
| AFFECTED PRODUCTS |
Windows XP |
| VULNERABILITY DETAILS |
This vulnerability allows local attackers to execute arbitrary code from the context of kernelspace on vulnerable installations of Microsoft Windows. The ability to make a system call is required in order to exploit this vulnerability. The specific flaw exists within the kernel's support for Trace Events. Due to a bad type conversion, the kernel will use a truncated length for allocating data from userspace. When populating this buffer the kernel will use a differing length causing a buffer overflow. This will cause memory corruption and can lead to code execution under the context of the kernel. |
| ADDITIONAL DETAILS |
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/ms11-011.mspx |
| DISCLOSURE TIMELINE |
|
| CREDIT | std_logic |
