CVE-2011-2217

Sažetak

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911
http://secunia.com/advisories/44826
http://secunia.com/advisories/44844
http://securitytracker.com/id?1025602
http://www.securityfocus.com/bid/48099
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/67816

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-08-2017 - 01:29

Objavljeno

06-06-2011 - 19:55