CVE-2011-2217
Tom Sawyer Software GET Extension Factory - Remote Code Execution
Public Exploits: 1
Exploited in Wild: -
Descriptions
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
SSVC
- Decision: -
Timeline
- 2011-05-31 CVE Reserved
- 2011-06-03 CVE Published
- 2012-06-10 First Exploit
- 2024-08-06 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (8)
URL | Tag | Source |
---|---|---|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911 | Third Party Advisory | |
http://secunia.com/advisories/44844 | Third Party Advisory | |
http://securitytracker.com/id?1025602 | Vdb Entry | |
http://www.securityfocus.com/bid/48099 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67816 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/19030 | 2012-06-10 | |

URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/44826 | 2017-08-29 | |
http://www.vmware.com/security/advisories/VMSA-2011-0009.html | 2017-08-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Tomsawyer | Get Extension Factory | 5.5.2.237 | - | Affected | in | Vmware | Infrastructure | 3 | - | Affected |
Vmware | Virtual Infrastructure Client | 2.0.2 | - | Affected | in | Vmware | Infrastructure | 3 | - | Affected |
Vmware | Virtual Infrastructure Client | 2.5 | - | Affected | in | Vmware | Infrastructure | 3 | - | Affected |