← Zuruck zu CVEs
CVE-2011-1889
CRITICALCISA KEV9.8
Beschreibung
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht6/16/2011
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerMicrosoft
ProduktForefront Threat Management Gateway (TMG)
SchwachstellennameMicrosoft Forefront TMG Remote Code Execution Vulnerability
KEV Aufnahmedatum2022-03-03
Behebungsfrist2022-03-24
Ransomware-NutzungUnknown
Betroffene Produkte
microsoft:forefront_threat_management_gateway
Schwachen (CWE)
CWE-119CWE-119
Referenzen
http://secunia.com/advisories/44857(secure@microsoft.com)
http://www.securityfocus.com/bid/48181(secure@microsoft.com)
http://www.securitytracker.com/id?1025637(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67736(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642(secure@microsoft.com)
http://secunia.com/advisories/44857(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/48181(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1025637(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67736(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-1889(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.