PT-2011-3508 · Microsoft · Windows Server 2008 R2+1

Published

2011-08-10

Updated

2020-09-28

CVE-2011-1966

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 R2 SP1

Description The issue arises from the DNS server's improper handling of NAPTR queries that trigger recursive processing. This allows remote attackers to execute arbitrary code via a crafted query.

Recommendations For Microsoft Windows Server 2008 SP2, apply the necessary patch to fix the DNS server's handling of NAPTR queries. For Microsoft Windows Server 2008 R2, apply the necessary patch to fix the DNS server's handling of NAPTR queries. For Microsoft Windows Server 2008 R2 SP1, apply the necessary patch to fix the DNS server's handling of NAPTR queries.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2011-1966

Affected Products

Windows Server 2008 R2

Windows Server 2008 R2 Sp1

PT-2011-3508 · Microsoft · Windows Server 2008 R2+1

CVE-2011-1966

Weakness Enumeration

Related Identifiers

Affected Products

References · 4