Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-1266 | First vendor Publication | 2011-06-16 |
Vendor | Cve | Last vendor Modification | 2022-02-28 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1266 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12593 | |||
Oval ID: | oval:org.mitre.oval:def:12593 | ||
Title: | VML Memory Corruption Vulnerability | ||
Description: | The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1266 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2011-06-15 | Name : Internet Explorer Vector Markup Language Remote Code Execution Vulnerability ... File : nvt/secpod_ms11-052.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72954 | Microsoft IE Vector Markup Language (VML) Object Handling Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer VML use after free attempt RuleID : 19910 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows Vector Markup Language imagedata page deconstruction attempt RuleID : 19242 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows Vector Markup Language imagedata page deconstruction attempt RuleID : 19241 - Revision : 13 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-06-15 | Name : The remote Active Directory Certificate Services Web Enrollment server is vul... File : microsoft_certsrv_anon_ms11-051.nasl - Type : ACT_ATTACK |
2011-06-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms11-052.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11... |
OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... |
Alert History
Date | Informations |
---|---|
2022-03-01 00:23:25 |
|
2021-07-27 00:24:31 |
|
2021-07-24 01:44:08 |
|
2021-07-24 01:08:27 |
|
2021-07-23 21:24:58 |
|
2021-07-23 17:24:36 |
|
2020-09-28 17:22:43 |
|
2020-05-23 00:28:06 |
|
2019-02-26 17:19:35 |
|
2018-10-31 00:20:13 |
|
2018-10-13 05:18:31 |
|
2017-09-19 09:24:20 |
|
2016-08-31 12:02:39 |
|
2016-08-05 12:02:59 |
|
2016-06-29 00:19:16 |
|
2016-04-26 20:39:21 |
|
2014-02-17 11:01:21 |
|
2014-01-19 21:27:41 |
|
2013-05-10 22:57:16 |
|