What is CVE-2011-0661?

CVE-2011-0661 is a vulnerability in Microsoft Windows_2003_server, classified under Improper Input Validation. Published 2011-04-13.

Is CVE-2011-0661 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Microsoft Windows_2003_server

CVE-2011-0661

The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, wh…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.652 (98.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows_2003_server
Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

44072 (x_refsource_SECUNIA, third-party-advisory)
71781 (x_refsource_OSVDB, vdb-entry)
TA11-102A (US Government Resource, x_refsource_CERT, third-party-advisory)
1025329 (vdb-entry, x_refsource_SECTRACK)
ADV-2011-0939 (vdb-entry, x_refsource_VUPEN)
47198 (vdb-entry, x_refsource_BID)
oval:org.mitre.oval:def:12076 (x_refsource_OVAL, signature, vdb-entry)
MS11-020 (x_refsource_MS, vendor-advisory)

Frequently asked questions

What is CVE-2011-0661?: CVE-2011-0661 is a vulnerability in Microsoft Windows_2003_server, classified under Improper Input Validation. Published 2011-04-13.
Is CVE-2011-0661 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.