Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2011-1266
HistoryJun 16, 2011 - 8:55 p.m.

CVE-2011-1266

2011-06-1620:55:01
CWE-908
microsoft
web.nvd.nist.gov
33
cve
2011
1266
vml
memory corruption
vulnerability
microsoft
internet explorer

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.886

Percentile

98.7%

JSON

The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka β€œVML Memory Corruption Vulnerability.”

Affected configurations

Nvd
Node
microsoftinternet_explorerMatch6
AND
microsoftwindows_server_2003Match-sp2
OR
microsoftwindows_xpMatch-sp2x64
OR
microsoftwindows_xpMatch-sp3
Node
microsoftinternet_explorerMatch7
AND
microsoftwindows_server_2003Match-sp2
OR
microsoftwindows_server_2008Match--
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_xpMatch-sp2professionalx64
OR
microsoftwindows_xpMatch-sp3
Node
microsoftinternet_explorerMatch8
AND
microsoftwindows_7Match-
OR
microsoftwindows_server_2003Match-sp2
OR
microsoftwindows_server_2008Match--
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_server_2008Matchr2-
OR
microsoftwindows_server_2008Matchr2sp1
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_xpMatch-sp2professionalx64
OR
microsoftwindows_xpMatch-sp3
VendorProductVersionCPE
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoftwindows_server_2003-cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
Rows per page:
1-10 of 141

Related

checkpoint_advisories 1
openvas 2
zdi 1
seebug 1
cvelist 1
nessus 1
securityvulns 2
prion 1
symantec 1
nvd 1
threatpost 1
checkpoint_advisories
checkpoint_advisories
Internet Explorer VML related src URL Memory Corruption (MS11-052; CVE-2011-1266)
2011-06-14 00:00:00
openvas
openvas
Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
2011-06-15 00:00:00
Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
2011-06-15 00:00:00
zdi
zdi
Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability
2011-06-14 00:00:00
seebug
seebug
Microsoft Internet Explorer VMLε†…ε­˜η ΄εCVE-2011-1266θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2011-06-16 00:00:00
cvelist
cvelist
CVE-2011-1266
2011-06-16 20:21:00
nessus
nessus
MS11-052: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
2011-06-15 00:00:00
securityvulns
securityvulns
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability
2011-06-19 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2011-07-22 00:00:00
prion
prion
Memory corruption
2011-06-16 20:55:00
symantec
symantec
Microsoft Internet Explorer VML Memory Corruption CVE-2011-1266 Remote Code Execution Vulnerability
2011-06-14 00:00:00
nvd
nvd
CVE-2011-1266
2011-06-16 20:55:01
threatpost
threatpost
ExploitHub Offering Bounties – And Residuals – for Exploits
2011-10-05 13:11:31

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.886

Percentile

98.7%

JSON
Related for CVE-2011-1266
checkpoint_advisories1openvas2zdi1seebug1cvelist1nessus1securityvulns2prion1symantec1nvd1threatpost1