Lucene search

MicrosoftCVE-2011-0094

HistoryApr 13, 2011 - 6:55 p.m.

CVE-2011-0094

2011-04-1318:55:01

CWE-399

microsoft

web.nvd.nist.gov

cve-2011-0094

use-after-free vulnerability

microsoft internet explorer

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.958

Percentile

99.4%

JSON

Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka “Layouts Handling Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch6

AND

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_server_2003sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoftinternet_explorerMatch7

AND

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_server_2003sp2

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp1

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

VendorProductVersionCPE
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
microsoft	windows_xp	-	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
microsoft	internet_explorer	7	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*