CVE-2011-5046

Published: Dec 30, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."

Affected (8)

Products: Microsoft: Windows 7, Windows Server 2003, Windows Server 2008, Windows Vista, Windows Xp

5 products

Windows Server 2003

Windows Server 2008

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://osvdb.org/77908

Source: cve@mitre.org

http://secunia.com/advisories/47237

Source: cve@mitre.org

Vendor Advisory

http://twitter.com/w3bd3vil/statuses/148454992989261824

Source: cve@mitre.org

http://www.exploit-db.com/exploits/18275

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1026450

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA12-045A.html

Source: cve@mitre.org

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-008

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/71873

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14603

Source: cve@mitre.org

http://osvdb.org/77908

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/47237

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://twitter.com/w3bd3vil/statuses/148454992989261824

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/18275

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1026450

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA12-045A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-008

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/71873

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14603

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.