CVE-2011-2217: Buffer Overflow
First published: Mon Jun 06 2011(Updated: )
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tomsawyer Get Extension Factory | =5.5.2.237 | |
| Vmware Virtual Infrastructure Client | =2.0.2 | |
| Vmware Virtual Infrastructure Client | =2.5 | |
| VMware Infrastructure | =3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911
- http://secunia.com/advisories/44826
- http://securitytracker.com/id?1025602
- http://www.securityfocus.com/bid/48099
- http://www.vmware.com/security/advisories/VMSA-2011-0009.html
- http://secunia.com/advisories/44844
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67816
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- agent/severity
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tomsawyer
- canonical/tomsawyer get extension factory
- version/tomsawyer get extension factory/5.5.2.237
- vendor/vmware
- canonical/vmware virtual infrastructure client
- version/vmware virtual infrastructure client/2.0.2
- version/vmware virtual infrastructure client/2.5
- canonical/vmware infrastructure
- version/vmware infrastructure/3