Rule General Information |
---|
Release Date: | 2021-03-26 | |
Rule Name: | Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability (CVE-2011-2217) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | A code execution vulnerability has been reported in the Tom Sawyer GET Extension Factory COM object. The vulnerability is due to an error while instantiating the ActiveX control in a browser. This control was not meant to be used within a browser. As such, an attempt to instantiate it will cause it to initialize incorrectly, leading to memory corruption. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code in the context of the affected system. If code execution is unsuccessful, this can lead to unexpected termination of the affected application. | |
Impact: | An attacker can execute arbitrary code in the context of the vulnerable system. A failed exploit attempt may cause a denial-of-service condition. | |
Affected OS: | Windows | |
Reference: | SecurityFocus BID: 48099; http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911; SecurityTracker ID: 1025602; http://www.vmware.com/security/advisories/VMSA-2011-0009.html |
Solutions |
---|
The vendor has released upgrade patches that fix the vulnerabilities. Please visit: http://www.vmware.com/security/advisories/VMSA-2011-0009.html |