Signature Detail

HTTP: Microsoft Windows win32k.sys Memory Corruption

This signature detects attempts to exploit a known memory corruption vulnerability against Microsoft Windows. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Windows is prone to a remote memory-corruption vulnerability. Successful exploits will result in the execution of arbitrary code in the kernel-mode. Failed attempts will cause a denial-of-service condition.

Affected Products

• Avaya Aura Conferencing 6.0 Standard
• Avaya CallPilot 4.0
• Avaya CallPilot 5.0
• Avaya Communication Server 1000 Telephony Manager 3.0
• Avaya Communication Server 1000 Telephony Manager 4.0
• Avaya Meeting Exchange 5.0
• Avaya Meeting Exchange 5.0.0.0.52
• Avaya Meeting Exchange 5.0 SP1
• Avaya Meeting Exchange 5.0 SP2
• Avaya Meeting Exchange 5.1
• Avaya Meeting Exchange 5.1 SP1
• Avaya Meeting Exchange 5.2
• Avaya Meeting Exchange 5.2 SP1
• Avaya Meeting Exchange 5.2 SP2
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server 5.2
• Microsoft Windows 7
• Microsoft Windows 7 RC
• Microsoft Windows 7 for 32-bit Systems SP1
• Microsoft Windows 7 for 32-bit Systems
• Microsoft Windows 7 Home Premium - Sp1 X32
• Microsoft Windows 7 Home Premium - Sp1 X64
• Microsoft Windows 7 Home Premium
• Microsoft Windows 7 Professional
• Microsoft Windows 7 Ultimate
• Microsoft Windows Server 2008 for 32-bit Systems SP2
• Microsoft Windows Server 2008 for 32-bit Systems
• Microsoft Windows Server 2008 for x64-based Systems SP2
• Microsoft Windows Server 2008 for x64-based Systems
• Microsoft Windows Server 2008 R2 x64 SP1
• Microsoft Windows Server 2008 R2 x64

References

• BugTraq: 51122
• CVE: CVE-2011-5046