← Retour aux CVEs
CVE-2011-1889
CRITICALCISA KEV9.8
Description
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie6/16/2011
Derniere modification4/22/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitForefront Threat Management Gateway (TMG)
Nom vulnerabiliteMicrosoft Forefront TMG Remote Code Execution Vulnerability
Date ajout KEV2022-03-03
Date limite remediation2022-03-24
Utilise dans ransomwareUnknown
Produits affectes
microsoft:forefront_threat_management_gateway
Faiblesses (CWE)
CWE-119CWE-119
References
http://secunia.com/advisories/44857(secure@microsoft.com)
http://www.securityfocus.com/bid/48181(secure@microsoft.com)
http://www.securitytracker.com/id?1025637(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67736(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642(secure@microsoft.com)
http://secunia.com/advisories/44857(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/48181(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1025637(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67736(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-1889(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.