Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2011-2217
Last Modified 06 Sep 2011 11:17:10
Published 06 Jun 2011 03:55:03
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2217

Summary

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.

Vulnerable Systems

Application

  • Tom Sawyer GET Extension Factory 5.5.2.237

  • VMware Infrastructure 3

  • VMware Virtual Infrastructure Client 2.0.2

  • VMware Virtual Infrastructure Client 2.5


References

XF - vmware-viclient-code-exec(67816)

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0009.html

BID - 48099

SECTRACK - 1025602

SECUNIA - 44844

SECUNIA - 44826

IDEFENSE - 20110603 Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability


Last Updated: 27 May 2016 10:56:57