CVE-2011-2217
Last modified
CVE-2011-2217 is a vulnerability of currently unknown severity. Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document. EPSS estimates a 41.96% chance of exploitation in the next 30 days.
Description
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tomsawyer | Get Extension Factory | 5.5.2.237 |
| Vmware | Virtual Infrastructure Client | 2.0.2 |
| Vmware | Virtual Infrastructure Client | 2.5 |
| Vmware | Infrastructure | 3 |
References
- http://secunia.com/advisories/44826 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-2217?
How severe is CVE-2011-2217?
How do I fix CVE-2011-2217?
Are you affected by CVE-2011-2217?
Source: NVD / NIST
