Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-1255 | First vendor Publication | 2011-06-16 |
Vendor | Cve | Last vendor Modification | 2022-02-28 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1255 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12227 | |||
Oval ID: | oval:org.mitre.oval:def:12227 | ||
Title: | Time Element Memory Corruption Vulnerability | ||
Description: | The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1255 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Internet Explorer Time Element Memory Corruption | More info here |
ExploitDB Exploits
id | Description |
---|---|
2011-06-17 | MS11-050 IE mshtml!CObjectElement Use After Free |
OpenVAS Exploits
Date | Description |
---|---|
2011-06-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2530548) File : nvt/secpod_ms11-050.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72947 | Microsoft IE Time Element Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2019-06-22 | Microsoft Internet Explorer redirect to cdl protocol attempt RuleID : 50181 - Revision : 2 - Type : BROWSER-IE |
2018-02-22 | toStaticHTML CSS import XSS exploit attempt RuleID : 45514 - Revision : 1 - Type : BROWSER-IE |
2016-04-05 | Microsoft Internet Explorer covered object memory corruption attempt RuleID : 37967 - Revision : 2 - Type : BROWSER-IE |
2016-04-05 | Microsoft Internet Explorer covered object memory corruption attempt RuleID : 37966 - Revision : 2 - Type : BROWSER-IE |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Java v1.6.32 and older RuleID : 30009 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 8... RuleID : 30008 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 7... RuleID : 30007 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 6... RuleID : 30006 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Google Chrome with Java befor... RuleID : 30005 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Java before v1.7.17 RuleID : 30004 - Revision : 3 - Type : EXPLOIT-KIT |
2018-06-15 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003-community - Revision : 6 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003 - Revision : 6 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit Java download attempt RuleID : 30002 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit landing page detected RuleID : 30001 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Internet Explorer CSS expression defined to empty selection attempt RuleID : 28306 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | KaiXin exploit kit Java Class download RuleID : 24793 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24670 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24669 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24668 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24667 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt malicious string RuleID : 20822 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20811 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20810 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20809 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20808 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20807 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20806 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20805 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20804 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20790 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20789 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20788 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20787 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20786 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20766 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer covered object memory corruption attempt RuleID : 19809 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer covered object memory corruption attempt RuleID : 19808 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 19266 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 19265 - Revision : 16 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CSS expression defined to empty selection attempt RuleID : 19246 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer redirect to cdl protocol attempt RuleID : 19245 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Internet Explorer CSS expression defined to empty slection attempt RuleID : 19244 - Revision : 3 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 19243 - Revision : 16 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 6/7/8 reload stylesheet attempt RuleID : 19240 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 toStaticHTML XSS attempt RuleID : 19239 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 self remove from markup vulnerability RuleID : 19238 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer contenteditable corruption attempt RuleID : 19237 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer drag event memory corruption attempt RuleID : 19236 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer copy/paste memory corruption attempt RuleID : 19235 - Revision : 10 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-06-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms11-050.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2022-03-01 00:23:25 |
|
2021-07-27 00:24:32 |
|
2021-07-24 01:44:08 |
|
2021-07-24 01:08:27 |
|
2021-07-23 21:24:58 |
|
2021-07-23 17:24:36 |
|
2020-09-28 17:22:43 |
|
2020-05-23 00:28:06 |
|
2019-02-26 17:19:35 |
|
2018-10-31 00:20:12 |
|
2018-10-13 05:18:30 |
|
2017-09-19 09:24:20 |
|
2016-08-31 12:02:38 |
|
2016-08-05 12:02:59 |
|
2016-06-28 18:35:56 |
|
2016-04-26 20:39:16 |
|
2014-04-03 21:21:28 |
|
2014-02-17 11:01:20 |
|
2014-01-19 21:27:40 |
|
2013-05-10 22:57:13 |
|