Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-2217


Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.


Published

2011-06-06T19:55:03.800

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application tomsawyer get_extension_factory 5.5.2.237 Yes
Application vmware virtual_infrastructure_client 2.0.2 Yes
Application vmware virtual_infrastructure_client 2.5 Yes
Application vmware infrastructure 3 Yes

References