CVE-2011-1966

Microsoft Windows Server <2008 SP2-SP1 - RCE

Title source: llm
STIX 2.1

Description

The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12764
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-221A.html

Scores

EPSS 0.5520
EPSS Percentile 98.9%

Details

CWE
CWE-20
Status published
Products (2)
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_server_2008 r2
Published Aug 10, 2011
Tracked Since Feb 18, 2026