Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-1251 | First vendor Publication | 2011-06-16 |
Vendor | Cve | Last vendor Modification | 2022-02-28 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1251 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12326 | |||
Oval ID: | oval:org.mitre.oval:def:12326 | ||
Title: | DOM Manipulation Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1251 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
ExploitDB Exploits
id | Description |
---|---|
2011-06-17 | MS11-050 IE mshtml!CObjectElement Use After Free |
OpenVAS Exploits
Date | Description |
---|---|
2011-06-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2530548) File : nvt/secpod_ms11-050.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72943 | Microsoft IE vgx.dll imagedata VML Object DOM Modification Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2019-06-22 | Microsoft Internet Explorer redirect to cdl protocol attempt RuleID : 50181 - Revision : 2 - Type : BROWSER-IE |
2018-02-22 | toStaticHTML CSS import XSS exploit attempt RuleID : 45514 - Revision : 1 - Type : BROWSER-IE |
2016-04-05 | Microsoft Internet Explorer covered object memory corruption attempt RuleID : 37967 - Revision : 2 - Type : BROWSER-IE |
2016-04-05 | Microsoft Internet Explorer covered object memory corruption attempt RuleID : 37966 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CSS expression defined to empty selection attempt RuleID : 28306 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20811 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20810 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20809 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20808 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20807 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20806 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20805 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20804 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20790 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20789 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20788 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20787 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20786 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20766 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer covered object memory corruption attempt RuleID : 19809 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer covered object memory corruption attempt RuleID : 19808 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 19266 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 19265 - Revision : 16 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CSS expression defined to empty selection attempt RuleID : 19246 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer redirect to cdl protocol attempt RuleID : 19245 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Internet Explorer CSS expression defined to empty slection attempt RuleID : 19244 - Revision : 3 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 19243 - Revision : 16 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 6/7/8 reload stylesheet attempt RuleID : 19240 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 toStaticHTML XSS attempt RuleID : 19239 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 self remove from markup vulnerability RuleID : 19238 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 19237 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer drag event memory corruption attempt RuleID : 19236 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer copy/paste memory corruption attempt RuleID : 19235 - Revision : 10 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-06-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms11-050.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11... |
OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... |
Alert History
Date | Informations |
---|---|
2022-03-01 00:23:25 |
|
2021-07-27 00:24:32 |
|
2021-07-24 01:44:08 |
|
2021-07-24 01:08:27 |
|
2021-07-23 21:24:58 |
|
2020-09-28 17:22:43 |
|
2020-05-23 00:28:06 |
|
2019-02-26 17:19:35 |
|
2018-10-31 00:20:12 |
|
2018-10-13 05:18:30 |
|
2017-09-19 09:24:20 |
|
2016-08-31 12:02:38 |
|
2016-08-05 12:02:59 |
|
2016-06-29 00:19:10 |
|
2016-04-26 20:39:13 |
|
2014-02-17 11:01:19 |
|
2014-01-19 21:27:40 |
|
2013-05-10 22:57:12 |
|