CVE-2011-1889
CVE-2011-1889
In short
A flaw in Microsoft Forefront TMG 2010's firewall client allows attackers to send specially crafted requests that cause memory corruption, leading to arbitrary code execution on affected systems.
Technical detail
The NSPLookupServiceNext function in the TMG 2010 firewall client fails to properly validate input, resulting in a buffer overflow (CWE-119) that can be exploited remotely without authentication. Successful exploitation allows arbitrary code execution with the privileges of the client process.
Summary generated and translated by AI from the official description.
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040http://secunia.com/advisories/44857https://exchange.xforce.ibmcloud.com/vulnerabilities/67736https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-1889http://www.securityfocus.com/bid/48181http://www.securitytracker.com/id?1025637