Lucene search

K

[email protected]NVD:CVE-2011-0658

HistoryJun 16, 2011 - 8:55 p.m.

CVE-2011-0658

2011-06-1620:55:01

CWE-189

[email protected]

web.nvd.nist.gov

6

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.251

Percentile

96.7%

Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka “OLE Automation Underflow Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_2003_serversp2

OR

microsoftwindows_7Match-sp1x64

OR

microsoftwindows_7Match-sp1x86

OR

microsoftwindows_server_2003sp2

OR

microsoftwindows_server_2008itanium

OR

microsoftwindows_server_2008x32

OR

microsoftwindows_server_2008x64

OR

microsoftwindows_server_2008sp2x32

OR

microsoftwindows_server_2008sp2x64

OR

microsoftwindows_server_2008Match-sp2itanium

OR

microsoftwindows_server_2008Matchr2itanium

OR

microsoftwindows_server_2008Matchr2x64

OR

microsoftwindows_vistasp1

OR

microsoftwindows_vistasp2

OR

microsoftwindows_xp

OR

microsoftwindows_xpMatch-sp2x64

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-038

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12335

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.251

Percentile

96.7%

Related for NVD:CVE-2011-0658

checkpoint_advisories1 nessus1 openvas2 cve1 securityvulns2 prion1 cvelist1 seebug1