Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Published: 2011-08-10
Updated: 2022-02-28
Summary
The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."
Vulnerable Configurations
Msbulletin
bulletin_id | MS11-057 |
bulletin_url | |
date | 2011-08-09T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2559049 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update for Internet Explorer |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS11-057.NASL |
description | The remote host is missing Internet Explorer (IE) Security Update 2559049. The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55787 |
published | 2011-08-09 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/55787 |
title | MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049) |
Oval
accepted | 2014-08-18T04:00:35.087-04:00 |
class | vulnerability |
contributors | name | Dragos Prisaca | organization | Symantec Corporation |
name | Maria Mikhno | organization | ALTX-SOFT |
name | Maria Mikhno | organization | ALTX-SOFT |
|
definition_extensions | comment | Microsoft Windows XP (32-bit) is installed | oval | oval:org.mitre.oval:def:1353 |
comment | Microsoft Internet Explorer 6 is installed | oval | oval:org.mitre.oval:def:563 |
comment | Microsoft Windows XP x64 is installed | oval | oval:org.mitre.oval:def:15247 |
comment | Microsoft Windows Server 2003 (32-bit) is installed | oval | oval:org.mitre.oval:def:1870 |
comment | Microsoft Windows Server 2003 (x64) is installed | oval | oval:org.mitre.oval:def:730 |
comment | Microsoft Windows Server 2003 (ia64) Gold is installed | oval | oval:org.mitre.oval:def:396 |
comment | Microsoft Internet Explorer 6 is installed | oval | oval:org.mitre.oval:def:563 |
comment | Microsoft Windows XP (32-bit) is installed | oval | oval:org.mitre.oval:def:1353 |
comment | Microsoft Windows XP x64 is installed | oval | oval:org.mitre.oval:def:15247 |
comment | Microsoft Windows Server 2003 (32-bit) is installed | oval | oval:org.mitre.oval:def:1870 |
comment | Microsoft Windows Server 2003 (x64) is installed | oval | oval:org.mitre.oval:def:730 |
comment | Microsoft Windows Server 2003 (ia64) Gold is installed | oval | oval:org.mitre.oval:def:396 |
comment | Microsoft Internet Explorer 7 is installed | oval | oval:org.mitre.oval:def:627 |
comment | Microsoft Windows Vista (32-bit) is installed | oval | oval:org.mitre.oval:def:1282 |
comment | Microsoft Windows Vista x64 Edition is installed | oval | oval:org.mitre.oval:def:2041 |
comment | Microsoft Windows Server 2008 (32-bit) is installed | oval | oval:org.mitre.oval:def:4870 |
comment | Microsoft Windows Server 2008 (64-bit) is installed | oval | oval:org.mitre.oval:def:5356 |
comment | Microsoft Windows Server 2008 (ia-64) is installed | oval | oval:org.mitre.oval:def:5667 |
comment | Microsoft Internet Explorer 7 is installed | oval | oval:org.mitre.oval:def:627 |
comment | Microsoft Windows XP (32-bit) is installed | oval | oval:org.mitre.oval:def:1353 |
comment | Microsoft Windows XP x64 is installed | oval | oval:org.mitre.oval:def:15247 |
comment | Microsoft Windows Server 2003 (32-bit) is installed | oval | oval:org.mitre.oval:def:1870 |
comment | Microsoft Windows Server 2003 (x64) is installed | oval | oval:org.mitre.oval:def:730 |
comment | Microsoft Windows Vista (32-bit) is installed | oval | oval:org.mitre.oval:def:1282 |
comment | Microsoft Windows Vista x64 Edition is installed | oval | oval:org.mitre.oval:def:2041 |
comment | Microsoft Windows Server 2008 (32-bit) is installed | oval | oval:org.mitre.oval:def:4870 |
comment | Microsoft Windows Server 2008 (64-bit) is installed | oval | oval:org.mitre.oval:def:5356 |
comment | Microsoft Internet Explorer 8 is installed | oval | oval:org.mitre.oval:def:6210 |
comment | Microsoft Windows 7 (32-bit) is installed | oval | oval:org.mitre.oval:def:6165 |
comment | Microsoft Windows 7 x64 Edition is installed | oval | oval:org.mitre.oval:def:5950 |
comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | oval | oval:org.mitre.oval:def:6438 |
comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | oval | oval:org.mitre.oval:def:5954 |
comment | Microsoft Internet Explorer 8 is installed | oval | oval:org.mitre.oval:def:6210 |
comment | Microsoft Windows 7 (32-bit) is installed | oval | oval:org.mitre.oval:def:6165 |
comment | Microsoft Windows 7 x64 Edition is installed | oval | oval:org.mitre.oval:def:5950 |
comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | oval | oval:org.mitre.oval:def:6438 |
comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | oval | oval:org.mitre.oval:def:5954 |
comment | Microsoft Internet Explorer 8 is installed | oval | oval:org.mitre.oval:def:6210 |
comment | Microsoft Windows Vista (32-bit) is installed | oval | oval:org.mitre.oval:def:1282 |
comment | Microsoft Windows Vista x64 Edition is installed | oval | oval:org.mitre.oval:def:2041 |
comment | Microsoft Windows Server 2008 (32-bit) is installed | oval | oval:org.mitre.oval:def:4870 |
comment | Microsoft Windows Server 2008 (64-bit) is installed | oval | oval:org.mitre.oval:def:5356 |
comment | Microsoft Windows 7 (32-bit) is installed | oval | oval:org.mitre.oval:def:6165 |
comment | Microsoft Windows 7 x64 Edition is installed | oval | oval:org.mitre.oval:def:5950 |
comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | oval | oval:org.mitre.oval:def:6438 |
comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | oval | oval:org.mitre.oval:def:5954 |
comment | Microsoft Internet Explorer 9 is installed | oval | oval:org.mitre.oval:def:11985 |
|
description | The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:12684 |
status | accepted |
submitted | 2011-08-09T13:00:00 |
title | Telnet Handler Remote Code Execution Vulnerability |
version | 77 |
Saint
bid | 49027 |
description | Internet Explorer Telnet URI Insecure Loading |
id | win_patch_ie_v6,win_patch_ie_v7,win_patch_ie_v8,win_patch_ie_v9 |
osvdb | 74494 |
title | ie_url_telnet_insecure_load |
type | client |
Seebug
bulletinFamily | exploit |
description | Bugtraq ID: 49027 CVE ID:CVE-2011-1961 Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer使用的telnet URI协议处理器存在一个远程代码执行漏洞,攻击者构建一个WEB页,诱使用户解析,可以登录用户上下文执行任意代码。 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.microsoft.com/technet/security/Bulletin/MS11-057.mspx |
id | SSV:20843 |
last seen | 2017-11-19 |
modified | 2011-08-10 |
published | 2011-08-10 |
reporter | Root |
title | Microsoft Internet Explorer Telnet URI处理器远程代码执行漏洞 |