Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Published: 2011-08-10
Updated: 2022-02-28
Summary
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Msbulletin
| bulletin_id | MS11-057 |
| bulletin_url | |
| date | 2011-08-09T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 2559049 |
| knowledgebase_url | |
| severity | Critical |
| title | Cumulative Security Update for Internet Explorer |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS11-057.NASL |
| description | The remote host is missing Internet Explorer (IE) Security Update 2559049. The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 55787 |
| published | 2011-08-09 |
| reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/55787 |
| title | MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049) |
Oval
| accepted | 2014-08-18T04:00:33.090-04:00 |
| class | vulnerability |
| contributors | | name | Dragos Prisaca | | organization | Symantec Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
|
| definition_extensions | | comment | Microsoft Windows XP (32-bit) is installed | | oval | oval:org.mitre.oval:def:1353 |
| comment | Microsoft Internet Explorer 6 is installed | | oval | oval:org.mitre.oval:def:563 |
| comment | Microsoft Windows XP x64 is installed | | oval | oval:org.mitre.oval:def:15247 |
| comment | Microsoft Windows Server 2003 (32-bit) is installed | | oval | oval:org.mitre.oval:def:1870 |
| comment | Microsoft Windows Server 2003 (x64) is installed | | oval | oval:org.mitre.oval:def:730 |
| comment | Microsoft Windows Server 2003 (ia64) Gold is installed | | oval | oval:org.mitre.oval:def:396 |
| comment | Microsoft Internet Explorer 6 is installed | | oval | oval:org.mitre.oval:def:563 |
| comment | Microsoft Windows XP (32-bit) is installed | | oval | oval:org.mitre.oval:def:1353 |
| comment | Microsoft Windows XP x64 is installed | | oval | oval:org.mitre.oval:def:15247 |
| comment | Microsoft Windows Server 2003 (32-bit) is installed | | oval | oval:org.mitre.oval:def:1870 |
| comment | Microsoft Windows Server 2003 (x64) is installed | | oval | oval:org.mitre.oval:def:730 |
| comment | Microsoft Windows Server 2003 (ia64) Gold is installed | | oval | oval:org.mitre.oval:def:396 |
| comment | Microsoft Internet Explorer 7 is installed | | oval | oval:org.mitre.oval:def:627 |
| comment | Microsoft Windows Vista (32-bit) is installed | | oval | oval:org.mitre.oval:def:1282 |
| comment | Microsoft Windows Vista x64 Edition is installed | | oval | oval:org.mitre.oval:def:2041 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| comment | Microsoft Windows Server 2008 (ia-64) is installed | | oval | oval:org.mitre.oval:def:5667 |
| comment | Microsoft Internet Explorer 7 is installed | | oval | oval:org.mitre.oval:def:627 |
| comment | Microsoft Windows XP (32-bit) is installed | | oval | oval:org.mitre.oval:def:1353 |
| comment | Microsoft Windows XP x64 is installed | | oval | oval:org.mitre.oval:def:15247 |
| comment | Microsoft Windows Server 2003 (32-bit) is installed | | oval | oval:org.mitre.oval:def:1870 |
| comment | Microsoft Windows Server 2003 (x64) is installed | | oval | oval:org.mitre.oval:def:730 |
| comment | Microsoft Windows Vista (32-bit) is installed | | oval | oval:org.mitre.oval:def:1282 |
| comment | Microsoft Windows Vista x64 Edition is installed | | oval | oval:org.mitre.oval:def:2041 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| comment | Microsoft Internet Explorer 8 is installed | | oval | oval:org.mitre.oval:def:6210 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Internet Explorer 8 is installed | | oval | oval:org.mitre.oval:def:6210 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Internet Explorer 8 is installed | | oval | oval:org.mitre.oval:def:6210 |
| comment | Microsoft Windows Vista (32-bit) is installed | | oval | oval:org.mitre.oval:def:1282 |
| comment | Microsoft Windows Vista x64 Edition is installed | | oval | oval:org.mitre.oval:def:2041 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Internet Explorer 9 is installed | | oval | oval:org.mitre.oval:def:11985 |
|
| description | Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability." |
| family | windows |
| id | oval:org.mitre.oval:def:12617 |
| status | accepted |
| submitted | 2011-08-09T13:00:00 |
| title | Style Object Memory Corruption Vulnerability |
| version | 77 |
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID: 49039 CVE ID:CVE-2011-1964 Microsoft Internet Explorer是一款流行的WEB浏览器。 负责处理STYLE元素的的应用代码存在缺陷。创建一个无效行为的STYLE元素,攻击者可以迫使应用程序调用使用非法类型的对象,可导致堆内存破坏,构建恶意WEB页,诱使用户解析,可导致应用程序上下文执行任意代码 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.microsoft.com/technet/security/Bulletin/MS11-057.mspx |
| id | SSV:20839 |
| last seen | 2017-11-19 |
| modified | 2011-08-10 |
| published | 2011-08-10 |
| reporter | Root |
| title | Microsoft Internet Explorer样式对象内存破坏远程代码执行漏洞 |