CVE-2011-1229
Summary
| CVE | CVE-2011-1229 |
|---|---|
| State | PUBLISHED |
| Assigner | microsoft |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-04-13 20:26:25 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:L/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avaya | Agent Access | All | All | All | All |
| Application | Avaya | Aura Conferencing Standard Edition | 6.0.0 | All | All | All |
| Application | Avaya | Basic Call Management System Reporting Desktop | All | All | All | All |
| Application | Avaya | Callpilot | All | All | All | All |
| Application | Avaya | Callvisor Asai Lan | All | All | All | All |
| Application | Avaya | Call Management Server Supervisor | All | All | All | All |
| Application | Avaya | Communication Server 1000 Telephony Manager | All | All | All | All |
| Application | Avaya | Computer Telephony | All | All | All | All |
| Application | Avaya | Contact Center Express | All | All | All | All |
| Application | Avaya | Customer Interaction Express | All | All | All | All |
| Application | Avaya | Enterprise Manager | All | All | All | All |
| Application | Avaya | Integrated Management | All | All | All | All |
| Application | Avaya | Interaction Center | All | All | All | All |
| Application | Avaya | Ip Agent | All | All | All | All |
| Application | Avaya | Ip Softphone | All | All | All | All |
| Application | Avaya | Meeting Exchange | All | All | All | All |
| Application | Avaya | Messaging Application Server | All | All | All | All |
| Application | Avaya | Network Reporting | All | All | All | All |
| Application | Avaya | Octelaccess Server | All | All | All | All |
| Application | Avaya | Octeldesigner | All | All | All | All |
| Application | Avaya | Operational Analyst | All | All | All | All |
| Application | Avaya | Outbound Contact Management | All | All | All | All |
| Application | Avaya | Speech Access | All | All | All | All |
| Application | Avaya | Unified Communication Center | All | All | All | All |
| Application | Avaya | Unified Messenger | All | All | All | All |
| Application | Avaya | Visual Messenger | All | All | All | All |
| Application | Avaya | Visual Vector Client | All | All | All | All |
| Application | Avaya | Vpnmanager Console | All | All | All | All |
| Application | Avaya | Web Messenger | All | All | All | All |
| Operating System | Microsoft | Windows 2003 Server | - | sp2 | All | All |
| Operating System | Microsoft | Windows 7 | - | All | All | All |
| Operating System | Microsoft | Windows 7 | - | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | - | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | - | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | - | sp2 | All | All |
| Operating System | Microsoft | Windows Vista | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp3 | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ASA-2011-110 MS11-034 (2506223) | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | Third Party Advisory |
| US-CERT Technical Cyber Security Alert TA11-102A -- Microsoft Updates for Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | Third Party Advisory, US Government Resource |
| MS11-034: Addressing vulnerabilities in the win32k subsystem - Security Research & Defense - Site Home - TechNet Blogs | af854a3a-2127-422b-91ae-364da2661108 | blogs.technet.com | Vendor Advisory |
| Microsoft Security Bulletin MS11-034 - Important | Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | Patch, Vendor Advisory |
| Microsoft Windows win32k.sys Driver Privilege Escalation Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Broken Link |
| Windows Kernel win32k.sys Lets Local Users Gain Elevated Privileges - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| osvdb.org/71735 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | Broken Link |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | VDB Entry |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1229) Local Privilege Escalation Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.