PT-2011-3687 · Vmware+2 · Vi Client+2
Published: 2011-06-06 · Updated: 2017-08-29 · CVE-2011-2217
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Tom Sawyer GET Extension Factory version 5.5.2.237
VI Client (aka VMware Infrastructure Client) versions 2.0.2 before Build 230598
VI Client (aka VMware Infrastructure Client) versions 2.5 before Build 204931
Description
The issue arises from certain ActiveX controls in Tom Sawyer GET Extension Factory not handling initialization within Internet Explorer properly. This allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted HTML document.
Recommendations
For Tom Sawyer GET Extension Factory version 5.5.2.237, update to a version that properly handles ActiveX control initialization.
For VI Client (aka VMware Infrastructure Client) version 2.0.2, update to Build 230598 or later.
For VI Client (aka VMware Infrastructure Client) version 2.5, update to Build 204931 or later.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Internet Explorer
Tom Sawyer Get Extension Factory
Vi Client