cvelistv5 - cve-2011-2217

CVE-2011-2217 (GCVE-0-2011-2217)

Vulnerability from cvelistv5 – Published: 2011-06-06 19:00 – Updated: 2024-08-06 22:53

Summary

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://secunia.com/advisories/44844	third-party-advisoryx_refsource_SECUNIA
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/48099	vdb-entryx_refsource_BID
	http://secunia.com/advisories/44826	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1025602	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:53:17.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "vmware-viclient-code-exec(67816)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67816"
          },
          {
            "name": "20110603 Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911"
          },
          {
            "name": "44844",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
          },
          {
            "name": "48099",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48099"
          },
          {
            "name": "44826",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44826"
          },
          {
            "name": "1025602",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025602"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "vmware-viclient-code-exec(67816)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67816"
        },
        {
          "name": "20110603 Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911"
        },
        {
          "name": "44844",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
        },
        {
          "name": "48099",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48099"
        },
        {
          "name": "44826",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44826"
        },
        {
          "name": "1025602",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025602"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2217",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "vmware-viclient-code-exec(67816)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67816"
            },
            {
              "name": "20110603 Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911"
            },
            {
              "name": "44844",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44844"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
            },
            {
              "name": "48099",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48099"
            },
            {
              "name": "44826",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44826"
            },
            {
              "name": "1025602",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025602"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2217",
    "datePublished": "2011-06-06T19:00:00",
    "dateReserved": "2011-05-31T00:00:00",
    "dateUpdated": "2024-08-06T22:53:17.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tomsawyer:get_extension_factory:5.5.2.237:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C96FF83B-F824-415F-A0BF-D0089F295047\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:virtual_infrastructure_client:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD305506-02D6-47EA-9947-CE3227EDD79E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:virtual_infrastructure_client:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"281E1084-61E9-4B33-AF60-26F2620F874C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD0E3A11-F411-4653-96ED-05ECE4DCF401\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.\"}, {\"lang\": \"es\", \"value\": \"Algunos controles ActiveX en (1) tsgetxu71ex552.dll y (2) tsgetx71ex552.dll en Tom Sawyer GET Extension Factory v5.5.2.237, como se usa en VI Client (tambi\\u00e9n conocido como VMware Infrastructure Client) v2.0.2 con anterioridad a Build 230598 y v2.5 con anterioridad a Build 204931 en VMware Infrastructure 3,no controla correctamente la inicializaci\\u00f3n dentro de Internet Explorer,lo que permite a atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio ( corrupci\\u00f3n de memoria ) a trav\\u00e9s de un documento HTML manipulado.\"}]",
      "id": "CVE-2011-2217",
      "lastModified": "2024-11-21T01:27:50.313",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-06-06T19:55:03.800",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/44826\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44844\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1025602\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/48099\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2011-0009.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67816\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/44826\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44844\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1025602\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/48099\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2011-0009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67816\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2217\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-06-06T19:55:03.800\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.\"},{\"lang\":\"es\",\"value\":\"Algunos controles ActiveX en (1) tsgetxu71ex552.dll y (2) tsgetx71ex552.dll en Tom Sawyer GET Extension Factory v5.5.2.237, como se usa en VI Client (tambi\u00e9n conocido como VMware Infrastructure Client) v2.0.2 con anterioridad a Build 230598 y v2.5 con anterioridad a Build 204931 en VMware Infrastructure 3,no controla correctamente la inicializaci\u00f3n dentro de Internet Explorer,lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio ( corrupci\u00f3n de memoria ) a trav\u00e9s de un documento HTML manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tomsawyer:get_extension_factory:5.5.2.237:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C96FF83B-F824-415F-A0BF-D0089F295047\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:virtual_infrastructure_client:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD305506-02D6-47EA-9947-CE3227EDD79E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:virtual_infrastructure_client:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"281E1084-61E9-4B33-AF60-26F2620F874C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD0E3A11-F411-4653-96ED-05ECE4DCF401\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/44826\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44844\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1025602\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/48099\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67816\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/44826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1025602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/48099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-PMH8-QF2W-QVJQ

Vulnerability from github – Published: 2022-05-17 01:55 – Updated: 2022-05-17 01:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-2217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-06T19:55:00Z",
    "severity": "HIGH"
  },
  "details": "Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.",
  "id": "GHSA-pmh8-qf2w-qvjq",
  "modified": "2022-05-17T01:55:21Z",
  "published": "2022-05-17T01:55:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2217"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67816"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44826"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44844"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025602"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48099"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-330

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare, dont certaines peuvent permettre l'exécution de code arbitraire à distance.

Description

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare :

une vulnérabilité dans le pilote pour les cartes Intel PRO/1000 sous Linux, qui peut être exploitée pour contourner les filtres réseaux ;
plusieurs vulnérabilités dans des composants tiers du serveur ESX permettent à un utilisateur local malveillant d'élever ses privilèges, à un attaquant sous certaines conditions d'exécuter du code arbitraire à distance, et à un attaquant de créer des dénis de service localement ou à distance ;
plusieurs vulnérabilités dans le système de fichiers Host Guest (HGFS) pour les systèmes Unix peuvent être exploitées par un attaquant dans la machine cliente pour obtenir des informations sur l'existence de fichiers sur la machine hôte, et pour élever ses privilèges (notamment par un accès concurrentiel type "Race Condition" en montant un répertoire) ;
une vulnérabilité dans les contrôles ActiveX du client VI permet à un attaquant d'exécuter du code arbitraire à distance à l'aide d'un site Web spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMWare Workstation versions 7.1.3 et antérieures ;
VMware	N/A	VMWare Player versions 3.1.3 et antérieures ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESX400-201104401-BG ;
VMware	Fusion	VMWare Fusion versions 3.1.2 et antérieures ;
VMware	ESXi	ESXi 4.1 sans le correctif ESX410-201104401-BG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESXi400-201104402-BG ;
VMware	ESXi	ESXi 4.1 sans le correctif ESXi410-201104402-BG ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2011-0009 du 06 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMWare Workstation versions 7.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Player versions 3.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESX400-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Fusion versions 3.1.2 et ant\u00e9rieures ;",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESX410-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESXi400-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESXi410-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare\n:\n\n-   une vuln\u00e9rabilit\u00e9 dans le pilote pour les cartes Intel PRO/1000 sous\n    Linux, qui peut \u00eatre exploit\u00e9e pour contourner les filtres r\u00e9seaux ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans des composants tiers du serveur ESX\n    permettent \u00e0 un utilisateur local malveillant d\u0027\u00e9lever ses\n    privil\u00e8ges, \u00e0 un attaquant sous certaines conditions d\u0027ex\u00e9cuter du\n    code arbitraire \u00e0 distance, et \u00e0 un attaquant de cr\u00e9er des d\u00e9nis de\n    service localement ou \u00e0 distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans le syst\u00e8me de fichiers Host Guest\n    (HGFS) pour les syst\u00e8mes Unix peuvent \u00eatre exploit\u00e9es par un\n    attaquant dans la machine cliente pour obtenir des informations sur\n    l\u0027existence de fichiers sur la machine h\u00f4te, et pour \u00e9lever ses\n    privil\u00e8ges (notamment par un acc\u00e8s concurrentiel type \"Race\n    Condition\" en montant un r\u00e9pertoire) ;\n-   une vuln\u00e9rabilit\u00e9 dans les contr\u00f4les ActiveX du client VI permet \u00e0\n    un attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance \u00e0 l\u0027aide d\u0027un\n    site Web sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2240"
    },
    {
      "name": "CVE-2011-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1787"
    },
    {
      "name": "CVE-2011-2145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2145"
    },
    {
      "name": "CVE-2009-3080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3080"
    },
    {
      "name": "CVE-2011-2217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2217"
    },
    {
      "name": "CVE-2009-4536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4536"
    },
    {
      "name": "CVE-2010-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1188"
    },
    {
      "name": "CVE-2011-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2146"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-330",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare,\ndont certaines peuvent permettre l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMWare",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0009 du 06 juin 2011",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    }
  ]
}

CERTA-2011-AVI-330

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare, dont certaines peuvent permettre l'exécution de code arbitraire à distance.

Description

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare :

une vulnérabilité dans le pilote pour les cartes Intel PRO/1000 sous Linux, qui peut être exploitée pour contourner les filtres réseaux ;
plusieurs vulnérabilités dans des composants tiers du serveur ESX permettent à un utilisateur local malveillant d'élever ses privilèges, à un attaquant sous certaines conditions d'exécuter du code arbitraire à distance, et à un attaquant de créer des dénis de service localement ou à distance ;
plusieurs vulnérabilités dans le système de fichiers Host Guest (HGFS) pour les systèmes Unix peuvent être exploitées par un attaquant dans la machine cliente pour obtenir des informations sur l'existence de fichiers sur la machine hôte, et pour élever ses privilèges (notamment par un accès concurrentiel type "Race Condition" en montant un répertoire) ;
une vulnérabilité dans les contrôles ActiveX du client VI permet à un attaquant d'exécuter du code arbitraire à distance à l'aide d'un site Web spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMWare Workstation versions 7.1.3 et antérieures ;
VMware	N/A	VMWare Player versions 3.1.3 et antérieures ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESX400-201104401-BG ;
VMware	Fusion	VMWare Fusion versions 3.1.2 et antérieures ;
VMware	ESXi	ESXi 4.1 sans le correctif ESX410-201104401-BG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESXi400-201104402-BG ;
VMware	ESXi	ESXi 4.1 sans le correctif ESXi410-201104402-BG ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2011-0009 du 06 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMWare Workstation versions 7.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Player versions 3.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESX400-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Fusion versions 3.1.2 et ant\u00e9rieures ;",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESX410-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESXi400-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESXi410-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare\n:\n\n-   une vuln\u00e9rabilit\u00e9 dans le pilote pour les cartes Intel PRO/1000 sous\n    Linux, qui peut \u00eatre exploit\u00e9e pour contourner les filtres r\u00e9seaux ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans des composants tiers du serveur ESX\n    permettent \u00e0 un utilisateur local malveillant d\u0027\u00e9lever ses\n    privil\u00e8ges, \u00e0 un attaquant sous certaines conditions d\u0027ex\u00e9cuter du\n    code arbitraire \u00e0 distance, et \u00e0 un attaquant de cr\u00e9er des d\u00e9nis de\n    service localement ou \u00e0 distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans le syst\u00e8me de fichiers Host Guest\n    (HGFS) pour les syst\u00e8mes Unix peuvent \u00eatre exploit\u00e9es par un\n    attaquant dans la machine cliente pour obtenir des informations sur\n    l\u0027existence de fichiers sur la machine h\u00f4te, et pour \u00e9lever ses\n    privil\u00e8ges (notamment par un acc\u00e8s concurrentiel type \"Race\n    Condition\" en montant un r\u00e9pertoire) ;\n-   une vuln\u00e9rabilit\u00e9 dans les contr\u00f4les ActiveX du client VI permet \u00e0\n    un attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance \u00e0 l\u0027aide d\u0027un\n    site Web sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2240"
    },
    {
      "name": "CVE-2011-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1787"
    },
    {
      "name": "CVE-2011-2145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2145"
    },
    {
      "name": "CVE-2009-3080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3080"
    },
    {
      "name": "CVE-2011-2217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2217"
    },
    {
      "name": "CVE-2009-4536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4536"
    },
    {
      "name": "CVE-2010-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1188"
    },
    {
      "name": "CVE-2011-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2146"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-330",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare,\ndont certaines peuvent permettre l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMWare",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0009 du 06 juin 2011",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    }
  ]
}

GSD-2011-2217

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2217

Aliases

CVE-2011-2217

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2217",
    "description": "Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.",
    "id": "GSD-2011-2217",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2011-2217"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2217"
      ],
      "details": "Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.",
      "id": "GSD-2011-2217",
      "modified": "2023-12-13T01:19:07.157931Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-2217",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "vmware-viclient-code-exec(67816)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67816"
          },
          {
            "name": "20110603 Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911"
          },
          {
            "name": "44844",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44844"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
          },
          {
            "name": "48099",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/48099"
          },
          {
            "name": "44826",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44826"
          },
          {
            "name": "1025602",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1025602"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:tomsawyer:get_extension_factory:5.5.2.237:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:virtual_infrastructure_client:2.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:virtual_infrastructure_client:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2217"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110603 Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911"
            },
            {
              "name": "44826",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/44826"
            },
            {
              "name": "1025602",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1025602"
            },
            {
              "name": "48099",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/48099"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
            },
            {
              "name": "44844",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44844"
            },
            {
              "name": "vmware-viclient-code-exec(67816)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67816"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:29Z",
      "publishedDate": "2011-06-06T19:55Z"
    }
  }
}

FKIE_CVE-2011-2217

Vulnerability from fkie_nvd - Published: 2011-06-06 19:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911
cve@mitre.org	http://secunia.com/advisories/44826	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/44844
cve@mitre.org	http://securitytracker.com/id?1025602
cve@mitre.org	http://www.securityfocus.com/bid/48099
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2011-0009.html	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/67816
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44826	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44844
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025602
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48099
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0009.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67816

Impacted products

Vendor	Product	Version
tomsawyer	get_extension_factory	5.5.2.237
vmware	virtual_infrastructure_client	2.0.2
vmware	virtual_infrastructure_client	2.5
vmware	infrastructure	3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tomsawyer:get_extension_factory:5.5.2.237:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96FF83B-F824-415F-A0BF-D0089F295047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:virtual_infrastructure_client:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD305506-02D6-47EA-9947-CE3227EDD79E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:virtual_infrastructure_client:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "281E1084-61E9-4B33-AF60-26F2620F874C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0E3A11-F411-4653-96ED-05ECE4DCF401",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document."
    },
    {
      "lang": "es",
      "value": "Algunos controles ActiveX en (1) tsgetxu71ex552.dll y (2) tsgetx71ex552.dll en Tom Sawyer GET Extension Factory v5.5.2.237, como se usa en VI Client (tambi\u00e9n conocido como VMware Infrastructure Client) v2.0.2 con anterioridad a Build 230598 y v2.5 con anterioridad a Build 204931 en VMware Infrastructure 3,no controla correctamente la inicializaci\u00f3n dentro de Internet Explorer,lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio ( corrupci\u00f3n de memoria ) a trav\u00e9s de un documento HTML manipulado."
    }
  ],
  "id": "CVE-2011-2217",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-06-06T19:55:03.800",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44826"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/44844"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1025602"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/48099"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67816"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2217 (GCVE-0-2011-2217)

GHSA-PMH8-QF2W-QVJQ

CERTA-2011-AVI-330

Description

Solution

CERTA-2011-AVI-330

Description

Solution

GSD-2011-2217

FKIE_CVE-2011-2217

Tags

Sightings

Nomenclature