What is CVE-2011-5046?

CVE-2011-5046 is a vulnerability in Microsoft Windows_7, classified under Improper Input Validation. Published 2011-12-30.

Is CVE-2011-5046 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Microsoft Windows_7

CVE-2011-5046

The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not prop…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.755 (98.9th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

TA12-045A (US Government Resource, x_refsource_CERT, third-party-advisory)
cve@mitre.org (x_refsource_MISC)
MS12-008 (x_refsource_MS, vendor-advisory)
ms-win32k-iframe-code-exec(71873) (vdb-entry, x_refsource_XF)
77908 (x_refsource_OSVDB, vdb-entry)
oval:org.mitre.oval:def:14603 (x_refsource_OVAL, signature, vdb-entry)
47237 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
18275 (Exploit, exploit, x_refsource_EXPLOIT-DB)
1026450 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2011-5046?: CVE-2011-5046 is a vulnerability in Microsoft Windows_7, classified under Improper Input Validation. Published 2011-12-30.
Is CVE-2011-5046 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.