Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Published: 2011-08-10
Updated: 2022-02-28
Summary
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Msbulletin
| bulletin_id | MS11-057 |
| bulletin_url | |
| date | 2011-08-09T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 2559049 |
| knowledgebase_url | |
| severity | Critical |
| title | Cumulative Security Update for Internet Explorer |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS11-057.NASL |
| description | The remote host is missing Internet Explorer (IE) Security Update 2559049. The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 55787 |
| published | 2011-08-09 |
| reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/55787 |
| title | MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049) |
Oval
| accepted | 2014-08-18T04:00:37.693-04:00 |
| class | vulnerability |
| contributors | | name | Dragos Prisaca | | organization | Symantec Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
|
| definition_extensions | | comment | Microsoft Windows XP (32-bit) is installed | | oval | oval:org.mitre.oval:def:1353 |
| comment | Microsoft Windows XP x64 is installed | | oval | oval:org.mitre.oval:def:15247 |
| comment | Microsoft Windows Server 2003 (32-bit) is installed | | oval | oval:org.mitre.oval:def:1870 |
| comment | Microsoft Windows Server 2003 (x64) is installed | | oval | oval:org.mitre.oval:def:730 |
| comment | Microsoft Windows Server 2003 (ia64) Gold is installed | | oval | oval:org.mitre.oval:def:396 |
| comment | Microsoft Internet Explorer 7 is installed | | oval | oval:org.mitre.oval:def:627 |
| comment | Microsoft Windows Vista (32-bit) is installed | | oval | oval:org.mitre.oval:def:1282 |
| comment | Microsoft Windows Vista x64 Edition is installed | | oval | oval:org.mitre.oval:def:2041 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| comment | Microsoft Windows Server 2008 (ia-64) is installed | | oval | oval:org.mitre.oval:def:5667 |
| comment | Microsoft Internet Explorer 7 is installed | | oval | oval:org.mitre.oval:def:627 |
| comment | Microsoft Windows XP (32-bit) is installed | | oval | oval:org.mitre.oval:def:1353 |
| comment | Microsoft Windows XP x64 is installed | | oval | oval:org.mitre.oval:def:15247 |
| comment | Microsoft Windows Server 2003 (32-bit) is installed | | oval | oval:org.mitre.oval:def:1870 |
| comment | Microsoft Windows Server 2003 (x64) is installed | | oval | oval:org.mitre.oval:def:730 |
| comment | Microsoft Windows Vista (32-bit) is installed | | oval | oval:org.mitre.oval:def:1282 |
| comment | Microsoft Windows Vista x64 Edition is installed | | oval | oval:org.mitre.oval:def:2041 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| comment | Microsoft Internet Explorer 8 is installed | | oval | oval:org.mitre.oval:def:6210 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Internet Explorer 8 is installed | | oval | oval:org.mitre.oval:def:6210 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Internet Explorer 8 is installed | | oval | oval:org.mitre.oval:def:6210 |
| comment | Microsoft Windows Vista (32-bit) is installed | | oval | oval:org.mitre.oval:def:1282 |
| comment | Microsoft Windows Vista x64 Edition is installed | | oval | oval:org.mitre.oval:def:2041 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Internet Explorer 9 is installed | | oval | oval:org.mitre.oval:def:11985 |
|
| description | Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability." |
| family | windows |
| id | oval:org.mitre.oval:def:12753 |
| status | accepted |
| submitted | 2011-08-09T13:00:00 |
| title | XSLT Memory Corruption Vulnerability |
| version | 77 |
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID: 49037 CVE ID:CVE-2011-1963 Microsoft Internet Explorer是一款流行的WEB浏览器。 负责重载根文档(root document)对象标记的应用代码存在缺陷。在重载标记过程中,应用程序会派发一个通知,同时保留一个指向函数上下文中对象的引用。这允许事件回调篡改根文档对象,使用这个畸形对象可用于以应用程序上下文执行任意代码。 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 Microsoft Internet Explorer 7.0 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.microsoft.com/technet/security/Bulletin/MS11-057.mspx |
| id | SSV:20840 |
| last seen | 2017-11-19 |
| modified | 2011-08-10 |
| published | 2011-08-10 |
| reporter | Root |
| title | Microsoft Internet Explorer XSLT内存破坏远程代码执行漏洞 |