CVE-2011-1229

Published: Apr 13, 2011Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."

Affected (45)

Products: Microsoft: Windows 2003 Server, Windows 7, Windows Server 2003, Windows Server 2008, Windows Vista, Windows Xp · Avaya: Agent Access, Aura Conferencing Standard Edition, Basic Call Management System Reporting Desktop, Call Management Server Supervisor, Callpilot, Callvisor Asai Lan, Communication Server 1000 Telephony Manager, Computer Telephony, Contact Center Express, Customer Interaction Express, Enterprise Manager, Integrated Management, Interaction Center, Ip Agent, Ip Softphone, Meeting Exchange, Messaging Application Server, Network Reporting, Octelaccess Server, Octeldesigner, Operational Analyst, Outbound Contact Management, Speech Access, Unified Communication Center, Unified Messenger, Visual Messenger, Visual Vector Client, Vpnmanager Console, Web Messenger

6 products

Windows 2003 Server

Windows Server 2003

Windows Server 2008

29 products

Aura Conferencing Standard Edition

Basic Call Management System Reporting Desktop

Call Management Server Supervisor

Callvisor Asai Lan

Communication Server 1000 Telephony Manager

Computer Telephony

Contact Center Express

Customer Interaction Express

Enterprise Manager

Integrated Management

Interaction Center

Meeting Exchange

Messaging Application Server

Network Reporting

Octelaccess Server

Operational Analyst

Outbound Contact Management

Unified Communication Center

Unified Messenger

Visual Messenger

Visual Vector Client

Vpnmanager Console

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Configuration B

29 vulnerable

Vulnerable Software	Affected Versions
Avaya Agent Access	All versions
Avaya Aura Conferencing Standard Edition	Version 6.0.0
Avaya Basic Call Management System Reporting Desktop	All versions
Avaya Call Management Server Supervisor	All versions
Avaya Callpilot	From 4.0.x to 5.0.x
Avaya Callvisor Asai Lan	All versions
Avaya Communication Server 1000 Telephony Manager	From 3.0.0 to 4.0.0
Avaya Computer Telephony	All versions
Avaya Contact Center Express	All versions
Avaya Customer Interaction Express	All versions
Avaya Enterprise Manager	All versions
Avaya Integrated Management	All versions
Avaya Interaction Center	All versions
Avaya Ip Agent	All versions
Avaya Ip Softphone	All versions
Avaya Meeting Exchange	From 5.0.0 to 5.2.0
Avaya Messaging Application Server	From 4.0.x to 5.2.x
Avaya Network Reporting	All versions
Avaya Octelaccess Server	All versions
Avaya Octeldesigner	All versions
Avaya Operational Analyst	All versions
Avaya Outbound Contact Management	All versions
Avaya Speech Access	All versions
Avaya Unified Communication Center	All versions
Avaya Unified Messenger	All versions
Avaya Visual Messenger	All versions
Avaya Visual Vector Client	All versions
Avaya Vpnmanager Console	All versions
Avaya Web Messenger	All versions

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (22)

http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx

Source: secure@microsoft.com

Vendor Advisory

http://osvdb.org/71735

Source: secure@microsoft.com

Broken Link

http://secunia.com/advisories/44156

Source: secure@microsoft.com

Third Party Advisory

http://support.avaya.com/css/P8/documents/100133352

Source: secure@microsoft.com

Third Party Advisory

http://www.securityfocus.com/bid/47229

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1025345

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2011/0952

Source: secure@microsoft.com

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034

Source: secure@microsoft.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/66411

Source: secure@microsoft.com

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12503

Source: secure@microsoft.com

Third Party Advisory

http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://osvdb.org/71735

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/44156

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://support.avaya.com/css/P8/documents/100133352

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/47229

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1025345

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2011/0952

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/66411

Source: af854a3a-2127-422b-91ae-364da2661108

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12503

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.