CVE-2011-1970

Microsoft Windows Server <2003 SP2, 2008 SP2 - DoS

Title source: llm
STIX 2.1

Description

The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12870
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-221A.html

Scores

EPSS 0.2304
EPSS Percentile 97.5%

Details

CWE
CWE-119
Status published
Products (4)
microsoft/windows_2003_server
microsoft/windows_server_2003
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_server_2008 r2
Published Aug 10, 2011
Tracked Since Feb 18, 2026