10

CVE-2011-1889

Warning

The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."

Data is provided by the National Vulnerability Database (NVD)

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Forefront TMG Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 87.38% 0.994
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/48181
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1025637
Third Party Advisory
Broken Link
VDB Entry