CVE-2011-1266

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 16-06-2011 10:55

Last modified: - 28-02-2022 08:48

Total changes: - 2

Description

The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

AND

vendor=microsoft AND product=internet_explorer AND version=6

vendor=microsoft AND product=windows_server_2003 AND version=- AND update=sp2

vendor=microsoft AND product=windows_xp AND version=- AND update=sp2 AND target_hardware=x64

vendor=microsoft AND product=windows_xp AND version=- AND update=sp3

AND

vendor=microsoft AND product=internet_explorer AND version=7

vendor=microsoft AND product=windows_server_2003 AND version=- AND update=sp2

vendor=microsoft AND product=windows_server_2008 AND version=- AND update=-

vendor=microsoft AND product=windows_server_2008 AND version=- AND update=sp2

vendor=microsoft AND product=windows_vista AND version=- AND update=sp1

vendor=microsoft AND product=windows_vista AND version=- AND update=sp2

vendor=microsoft AND product=windows_xp AND version=- AND update=sp2 AND software_edition=professional AND target_hardware=x64

vendor=microsoft AND product=windows_xp AND version=- AND update=sp3

AND

vendor=microsoft AND product=internet_explorer AND version=8

vendor=microsoft AND product=windows_7 AND version=-

vendor=microsoft AND product=windows_server_2003 AND version=- AND update=sp2

vendor=microsoft AND product=windows_server_2008 AND version=- AND update=-

vendor=microsoft AND product=windows_server_2008 AND version=- AND update=sp2

vendor=microsoft AND product=windows_server_2008 AND version=r2 AND update=-

vendor=microsoft AND product=windows_server_2008 AND version=r2 AND update=sp1

vendor=microsoft AND product=windows_vista AND version=- AND update=sp1

vendor=microsoft AND product=windows_vista AND version=- AND update=sp2

vendor=microsoft AND product=windows_xp AND version=- AND update=sp2 AND software_edition=professional AND target_hardware=x64

vendor=microsoft AND product=windows_xp AND version=- AND update=sp3

Reference

oval:org.mitre.oval:def:12593-Tool Signature
MS11-052-Patch, Vendor Advisory

Keywords

CVE-2011-1266

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2011-1266

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures