Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C67650A565BD5FD35FBD52B030B32454
HistoryJun 19, 2011 - 12:00 a.m.

Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

2011-06-1900:00:00
SAINT Corporation
www.saintcorporation.com
26

0.958 High

EPSS

Percentile

99.4%

JSON

Added: 06/19/2011
CVE: CVE-2011-2217
BID: 48099

Background

Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools.

Problem

Certain ActiveX controls in **tsgetxu71ex552.dll** and **tsgetx71ex552.dll** in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer. A remote attacker could execute arbitrary code or cause a denial of service (memory corruption) by enticing a user to open a specially crafted HTML document in Internet Explorer.

Resolution

Upgrade or apply patches as described in VMware Security Advisory 2011-0009.

References

<http://secunia.com/advisories/44826/&gt;

Limitations

Exploit works on VMware VI Client 2.0.2.61426.

The user must open the exploit file in Internet Explorer 7 on the target system.

Platforms

Windows

Related

saint 3
cvelist 1
nessus 3
prion 1
securityvulns 2
packetstorm 2
nvd 1
checkpoint_advisories 1
cve 1
openvas 2
vmware 2
saint
saint
Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption
2011-06-19 00:00:00
Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption
2011-06-19 00:00:00
Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption
2011-06-19 00:00:00
cvelist
cvelist
CVE-2011-2217
2011-06-06 19:00:00
nessus
nessus
Tom Sawyer Software GET Extension Factory COM Object Instantiation Memory Corruption
2011-06-07 00:00:00
VMSA-2011-0009 : VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
2011-06-06 00:00:00
VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check)
2016-03-04 00:00:00
prion
prion
Memory corruption
2011-06-06 19:55:00
securityvulns
securityvulns
iDefense Security Advisory 05.03.11: Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability
2011-06-11 00:00:00
VMWare VirtualCenter ActiveX memory corruption
2011-06-11 00:00:00
packetstorm
packetstorm
Tom Sawyer Software GET Extension Factory Remote Code Execution
2012-06-11 00:00:00
Embarcadero ER/Studio XE2 Server Portal Code Execution
2011-09-08 00:00:00
nvd
nvd
CVE-2011-2217
2011-06-06 19:55:03
checkpoint_advisories
checkpoint_advisories
Tom Sawyer ActiveX Control Memory Corruption (CVE-2011-2217)
2011-11-01 00:00:00
cve
cve
CVE-2011-2217
2011-06-06 19:55:03
openvas
openvas
VMSA-2011-0009.3 VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
2012-03-16 00:00:00
VMware ESXi/ESX patches and VI Client update resolve multiple security issues (VMSA-2011-0009.3)
2012-03-16 00:00:00
vmware
vmware
VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
2011-06-02 00:00:00
VMware hosted product updates, ESX patches and VI Client update resolve multiple security issue
2011-06-02 00:00:00

0.958 High

EPSS

Percentile

99.4%

JSON
Related for SAINT:C67650A565BD5FD35FBD52B030B32454
saint3cvelist1nessus3prion1securityvulns2packetstorm2nvd1checkpoint_advisories1cve1openvas2vmware2