{"vuid":"VU#951982","idnumber":"951982","name":"Microsoft Windows UDP packet parsing vulnerability","keywords":["windows","udp","tcp/ip","ms11-083"],"overview":"A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service.","clean_desc":"Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a vulnerability when processing a continuous flow of specially crafted UDP packets, which results in an integer overflow.","impact":"Microsoft Security Bulletin MS11-083 states: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.","resolution":"Apply an update\nThis issue is addressed in Microsoft Security Bulletin MS11-083.","workarounds":"Block unused UDP ports at the perimeter firewall\nMicrosoft states that blocking unused (closed) UDP ports at the perimeter firewall helps protect systems that are behind that firewall from attempts to exploit this vulnerability.
Microsoft has additional information on TCP and UDP port assignments on their website.","sysaffected":"","thanks":"Thanks to Microsoft Security Response Center for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://technet.microsoft.com/en-us/security/bulletin/ms11-083","http://blogs.technet.com/b/srd/archive/2011/11/08/assessing-the-exploitability-of-ms11-083.aspx"],"cveids":["CVE-2011-2013"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-11-08T18:35:03Z","publicdate":"2011-11-08T00:00:00Z","datefirstpublished":"2011-11-08T20:55:54Z","dateupdated":"2011-11-08T20:55:55Z","revision":7,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"16","cam_attackeraccessrequired":"18","cam_scorecurrent":"20.655","cam_scorecurrentwidelyknown":"48.195","cam_scorecurrentwidelyknownexploited":"75.735","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":20.655,"vulnote":null}