Credit:
The information has been provided by Elazar Broad.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911
Vulnerable Systems:
* Tom Sawyer's Default GET Extension Factory 5.5.2.237
* Tom Sawyer's Default GET Extension Factory tsgetxu71ex552.dll
* Tom Sawyer's Default GET Extension Factory tsgetx71ex552.dll
* VMWare VI Clients prior to 2.0.2 build 230598
* VMWare VI Clients prior to 2.5 build 204931
* vSphere Client versions are not vulnerable.
The vulnerability exists in the way Internet Explorer instantiates GET Extension Factory COM objects, which are not intended to be created inside the browser. The object does not initialize properly, and this leads to a memory corruption vulnerability that an attacker can exploit to execute arbitrary code.
Exploitation of this vulnerability would allow an attacker to execute arbitrary code with the privileges of the affected user. In order to exploit this vulnerability, an attacker would have to convince the target to visit a website. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites.
Patch Availability:
VMware Inc. has released patches to address this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown:
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
Workaround:
Setting the kill bit for those controls will prevent exploitation. The CLSIDs for the controls are A2282403-50DE-4A2E-A118-B90AEDB1ADCC and 575B655F-FED4-4EE1-8F62-0A69D404F46B.
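
The kill-bit workaround above, as an added PowerShell example (not part of the original advisory or the vendor's guidance): it sets the standard Internet Explorer kill bit, the 0x400 bit of the "Compatibility Flags" DWORD under "ActiveX Compatibility", for both CLSIDs in the native and 32-bit registry views, then reads the value back. It assumes an elevated prompt.

```powershell
# Added example: apply and verify the IE kill bit for the two CLSIDs
# listed in the workaround. Run from an elevated PowerShell prompt.
$clsids = @(
    '{A2282403-50DE-4A2E-A118-B90AEDB1ADCC}',
    '{575B655F-FED4-4EE1-8F62-0A69D404F46B}'
)

# Native view, plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

$KillBit   = 0x400                   # COMPAT_EVIL_DONT_LOAD
$ValueName = 'Compatibility Flags'

foreach ($root in $roots) {
    # The Wow6432Node branch does not exist on 32-bit Windows.
    if (-not (Test-Path -Path $root)) { continue }

    foreach ($clsid in $clsids) {
        $key = Join-Path -Path $root -ChildPath $clsid
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Keep any flags already present and OR in the kill bit.
        $prop    = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        $current = if ($prop) { [int]$prop.$ValueName } else { 0 }
        $new     = $current -bor $KillBit
        New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord `
                         -Value $new -Force | Out-Null

        # Read the value back and report whether the bit is now set.
        $check = [int](Get-ItemProperty -Path $key -Name $ValueName).$ValueName
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $check
            KillBitSet = (($check -band $KillBit) -eq $KillBit)
        }
    }
}
```

Every row of the output should show KillBitSet as True; restart Internet Explorer so the new flags are read.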
CVE Information:
CVE-2011-2217
Disclosure Timeline:
11/11/2008 Initial Vendor Notification
11/11/2008 Initial Vendor Reply
05/03/2011 Coordinated Public Disclosure