CVE-2011-1889
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 04, 2011
- Published Date
- June 16, 2011
- Last Updated
- February 10, 2025
- Vendor
- Microsoft
- Product
- Forefront Threat Management Gateway
- Description
- The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
- Exploited in the Wild
- Yes (2022-03-03 00:00:00 UTC) Source
cisa
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
10.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
SSVC Information
Exploit Status
References
http://www.securitytracker.com/id?1025637
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040
https://exchange.xforce.ibmcloud.com/vulnerabilities/67736
http://www.securityfocus.com/bid/48181
http://secunia.com/advisories/44857
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-03 00:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel