CVE-2011-2217

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:tomsawyer:get_extension_factory:5.5.2.237:*:*:*:*:*:*:*
cpe:2.3:a:vmware:virtual_infrastructure_client:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:virtual_infrastructure_client:2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*

History

21 Nov 2024, 01:27

Type Values Removed Values Added
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911 - () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911 -
References () http://secunia.com/advisories/44826 - Vendor Advisory () http://secunia.com/advisories/44826 - Vendor Advisory
References () http://secunia.com/advisories/44844 - () http://secunia.com/advisories/44844 -
References () http://securitytracker.com/id?1025602 - () http://securitytracker.com/id?1025602 -
References () http://www.securityfocus.com/bid/48099 - () http://www.securityfocus.com/bid/48099 -
References () http://www.vmware.com/security/advisories/VMSA-2011-0009.html - Vendor Advisory () http://www.vmware.com/security/advisories/VMSA-2011-0009.html - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/67816 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/67816 -

Information

Published : 2011-06-06 19:55

Updated : 2024-11-21 01:27


NVD link : CVE-2011-2217

Mitre link : CVE-2011-2217

CVE.ORG link : CVE-2011-2217


JSON object : View

Products Affected

tomsawyer

  • get_extension_factory

vmware

  • infrastructure
  • virtual_infrastructure_client
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer