CVE-2011-1889
KEV
🔴 Łataj teraz
Korupcja pamięci w kliencie TMG 2010 umożliwia zdalne wykonanie dowolnego kodu.
CVSS
9.8
EPSS
87.2%
Exploit
weaponized
Vendor
microsoft
Opis źródłowy (NVD)
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 87.2% |
| Opublikowano (NVD) | 2011-06-16 20:55:02 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-22 10:35:29 UTC |
Referencje
- http://secunia.com/advisories/44857 (secure@microsoft.com) [Broken Link]
- http://www.securityfocus.com/bid/48181 (secure@microsoft.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id?1025637 (secure@microsoft.com) [Broken Link, Third Party Advisory, VDB Entry]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040 (secure@microsoft.com) [Patch, Vendor Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67736 (secure@microsoft.com) [Third Party Advisory, VDB Entry]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642 (secure@microsoft.com) [Broken Link]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-1889 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]