Description
The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12764
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-058
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-221A.html
Scores
EPSS
0.5520
EPSS Percentile
98.9%
Details
CWE
CWE-20
Status
published
Products (2)
microsoft/windows_server_2008
(2 CPE variants)
microsoft/windows_server_2008
r2
Published
Aug 10, 2011
Tracked Since
Feb 18, 2026