(MS11-082) Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

  Severity: HIGH
  CVE Identifier: CVE-2011-2007,CVE-2011-2008
  Advisory Date: OCT 13, 2011

  DESCRIPTION

This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478.

  TREND MICRO PROTECTION INFORMATION


  SOLUTION

  PATCH: http://technet.microsoft.com/en-us/security/bulletin/ms11-082

  Trend Micro Deep Security DPI Rule Number: 1004820
  Trend Micro Deep Security DPI Rule Name: Endless Loop DoS In snabase.exe Vulnerability (CVE-2011-2007)

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Host Integration Server 2004 Service Pack 1
  • Microsoft Host Integration Server 2006 Service Pack 1
  • Microsoft Host Integration Server 2009
  • Microsoft Host Integration Server 2010