MS11-057 |
Multiple vulnerabilities in Internet Explorer allow arbitrary code execution with the rights of the logged-on user and information leaks. Replaces MS11-050. |
MSIE
CVE-2011-1257
CVE-2011-1960
CVE-2011-1961
CVE-2011-1962
CVE-2011-1963
CVE-2011-1964
CVE-2011-2383
CVE-2011-1347 |
KB 2559049 |
A for-pay exploit for CVE-2011-1347 is available (the fix for this vulnerability is classified by Microsoft as a functionality upgrade).
Public disclosures of CVE-2011-1962 and CVE-2011-2383 are also reported. |
Severity:Critical
Exploitability:1 |
Critical |
Important |
MS11-058 |
Multiple vulnerabilities in the DNS server allow arbitrary code execution through NAPTR (Naming Authority Pointer) queries against recursive servers, and denial of service.
Replaces MS09-008 and MS11-046. |
DNS server
CVE-2011-1966
CVE-2011-1970 |
KB 2562485 |
No publicly known exploits |
Severity:Critical
Exploitability:3 |
N/A |
Critical |
MS11-059 |
Windows DAC (Data Access Components) can incorrectly restrict the path used for loading libraries, allowing arbitrary code execution (e.g. by opening an Excel file on a network share). |
Windows DAC, exposed through e.g. Excel
CVE-2011-1975 |
KB 2560656 |
No publicly known exploits |
Severity:Important
Exploitability:1 |
Important |
Less Urgent |
MS11-060 |
Multiple vulnerabilities in Visio allow arbitrary code execution with the rights of the logged-on user.
Replaces MS11-008. |
Visio
CVE-2011-1972
CVE-2011-1979 |
KB 2560978 |
No publicly known exploits |
Severity:Important
Exploitability:1 |
Critical |
Important |
MS11-061 |
A cross-site scripting (XSS) vulnerability in Remote Desktop Web Access. |
Remote Desktop Web Access
CVE-2011-1263 |
KB 2546250 |
No publicly known exploits |
Severity:Important
Exploitability:1 |
Less Urgent |
Important |
MS11-062 |
An input validation vulnerability in the way the NDISTAPI driver validates user-mode input before sending it to the Windows kernel allows privilege escalation. |
Remote Access Service (RAS)
CVE-2011-1974 |
KB 2566454 |
No publicly known exploits |
Severity:Important
Exploitability:1 |
Important |
Less Urgent |
MS11-063 |
An input validation vulnerability in the Client/Server Runtime Subsystem allows privilege escalation by running arbitrary code in the context of another process.
Replaces MS10-069 and MS11-056. |
CSRSS
CVE-2011-1967 |
KB 2567680 |
No publicly known exploits |
Severity:Important
Exploitability:1 |
Important |
Less Urgent |
MS11-064 |
Vulnerabilities in how Windows kernels handle crafted ICMP messages and how Quality of Service (QoS) based on URLs on web hosts handles crafted URLs allow denial of service.
Replaces MS10-058. |
TCP/IP stack
CVE-2011-1871
CVE-2011-1965 |
KB 2563894 |
No publicly known exploits |
Severity:Important
Exploitability:3 |
Important |
Important |
MS11-065 |
A vulnerability in the RDP implementation allows denial of service of the exposed machine. |
Remote Desktop Protocol (RDP)
CVE-2011-1968 |
KB 2570222 |
Microsoft reports it is used in targeted exploits. |
Severity:Important
Exploitability:3 |
Less Urgent |
Important |
MS11-066 |
An input validation vulnerability in the Chart Control allows retrieval of any file within the ASP.NET application. |
ASP.NET Chart Control
CVE-2011-1977 |
KB 2567943 |
No publicly known exploits |
Severity:Important
Exploitability:3 |
N/A |
Important |
MS11-067 |
A cross-site scripting (XSS) vulnerability in the Microsoft Report Viewer control.
Replaces MS09-062. |
Report Viewer
CVE-2011-1976 |
KB 2578230 |
No publicly known exploits |
Severity:Important
Exploitability:3 |
Important |
Less Urgent |
MS11-068 |
Access to metadata of files (can be through the web and file sharing) can cause a reboot of the Windows kernel.
Replaces MS10-047. |
Windows Kernel
CVE-2011-1971 |
KB 2556532 |
No publicly known exploits |
Severity:Moderate
Exploitability:? |
Less Urgent |
Less Urgent |
MS11-069 |
Lack of restricted access to the System.Net.Sockets namespace in the .NET framework allows information leaks and control over network traffic, causing denial of service or port scanning.
Replaces MS11-039. |
.NET framework
CVE-2011-1978 |
KB 2567951 |
No publicly known exploits |
Severity:Moderate
Exploitability:? |
Important |
Important |