CVE-2011-1889 : The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Ma

The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."

Published 2011-06-16 20:55:03

Updated 2024-12-19 18:50:05

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2011-1889

Microsoft » Forefront Threat Management Gateway » Version: 2010
cpe:2.3:a:microsoft:forefront_threat_management_gateway:2010:*:*:*:*:*:*:*
Matching versions

CVE-2011-1889 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Microsoft Forefront TMG Remote Code Execution Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2011-1889

Added on 2022-03-03 Action due date 2022-03-24

Exploit prediction scoring system (EPSS) score for CVE-2011-1889

EPSS FAQ

81.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-1889

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST	2024-07-24
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2011-1889

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1889

https://exchange.xforce.ibmcloud.com/vulnerabilities/67736

Microsoft Forefront Threat Management Gateway TMG Firewall Client buffer overflow CVE-2011-1889 Vulnerability Report
Third Party Advisory;VDB Entry
http://secunia.com/advisories/44857

Sign in
Broken Link
http://www.securityfocus.com/bid/48181

Microsoft Forefront Threat Management Gateway (TMG) Firewall Client Memory Corruption Vulnerability
Broken Link;Third Party Advisory;VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642

Repository / Oval Repository
Broken Link
http://www.securitytracker.com/id?1025637

Microsoft Forefront Threat Management Gateway Bounds Validation Flaw in Winsock Provider Lets Remote Users Execute Arbitrary Code - SecurityTracker
Broken Link;Third Party Advisory;VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040

Microsoft Security Bulletin MS11-040 - Critical | Microsoft Docs
Patch;Vendor Advisory