CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.3%
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | infrastructure | 3 | cpe:/a:vmware:infrastructure:3::: |
vmware | virtual_infrastructure_client | 2.5 | cpe:/a:vmware:virtual_infrastructure_client:2.5::: |
vmware | virtual_infrastructure_client | 2.0.2 | cpe:/a:vmware:virtual_infrastructure_client:2.0.2::: |
tomsawyer | get_extension_factory | 5.5.2.237 | cpe:/a:tomsawyer:get_extension_factory:5.5.2.237::: |