CVE-2011-1056

{"id": "CVE-2011-1056", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-02-21T21:00:00.833", "references": [{"url": "http://blog.metasploit.com/2011/02/metasploit-framework-352-released.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/70857", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43166", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0371", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://blog.metasploit.com/2011/02/metasploit-framework-352-released.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/70857", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43166", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0371", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse."}, {"lang": "es", "value": "El instalador de Metasploit Framework versi\u00f3n 3.5.1, cuando es ejecutado en Windows, usa permisos heredados d\u00e9biles para el directorio installation de Metasploit, que permite a los usuarios locales obtener privilegios al reemplazar archivos cr\u00edticos con unos de tipo caballo de Troya."}], "lastModified": "2024-11-21T01:25:25.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:metasploit:metasploit_framework:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1D5B5D1-4A4D-46B8-A65E-5903BA2C6875"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}