Details of VAR-201106-0084

ID

VAR-201106-0084

CVE

CVE-2011-1889

TITLE

Microsoft Forefront Threat Management Gateway (TMG) 2010 Client's NSPLookupServiceNext Arbitrary code execution vulnerability in function

Trust: 0.8

sources: JVNDB: JVNDB-2011-001742

DESCRIPTION

The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability.". An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed attacks may cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA11-165A Microsoft Updates for Multiple Vulnerabilities Original release date: June 14, 2011 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Office * Microsoft Internet Explorer * Microsoft ISA * Microsoft Visual Studio * Microsoft .NET Framework Overview There are multiple vulnerabilities in Microsoft Windows, Office, Internet Explorer, ISA, Visual Studio, and .NET Framework. Microsoft has released updates to address these vulnerabilities. I. Description The Microsoft Security Bulletin Summary for June 2011 describes multiple vulnerabilities in Microsoft Windows, Office, Internet Explorer, ISA, Visual Studio, and .NET Framework. Microsoft has released updates to address the vulnerabilities. II. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for June 2011. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA11-165A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA11-165A Feedback VU#678478" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2011 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History June 14, 2011: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTffCxz6pPKYJORa3AQJ0MAgAgkGwD6T5c3gNI3Mad6yHB/to+h0FqfPF CXWm/J+vkP3GepdZrdVBCOfZLDdUcn7y9fwRdWD7bFzHEPY7xZTYdSCePEJbtrKK kOX6t+PiWWim10U2LELVnSMyIjyL3Ys/ynAWIwL/kKJ94Y3pGJ+wPOdJTGGTODj/ sAscngFGya8WKMgtSPJuFV+LFAU02e1rNt0zDF4iZYUcEBSG53GhaE0QkM0MNOZ8 SxthmIeFctvW28T74BySOXdV+SzjxFeETJjT0GMC3RVjEgJO9PQVSzoeBcwXqfY8 qoSBa3YZOvLHqsEA+6bdK5VS3QAGcJv2Pvhm8p+NHaEbrBzxlqBjzw== =PuLQ -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/ ---------------------------------------------------------------------- TITLE: Microsoft Threat Management Gateway Firewall Client Vulnerability SECUNIA ADVISORY ID: SA44857 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44857/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44857 RELEASE DATE: 2011-06-15 DISCUSS ADVISORY: http://secunia.com/advisories/44857/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44857/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44857 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Forefront Threat Management Gateway (TMG) Client, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS11-040 (KB2520426): http://www.microsoft.com/technet/security/Bulletin/MS11-040.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.25

sources: NVD: CVE-2011-1889 // JVNDB: JVNDB-2011-001742 // BID: 48181 // VULHUB: VHN-49834 // VULMON: CVE-2011-1889 // PACKETSTORM: 102289 // PACKETSTORM: 102285

AFFECTED PRODUCTS

vendor:	microsoft	model:	forefront threat management gateway	scope:	eq	version:	2010	Trust: 1.6
vendor:	microsoft	model:	forefront threat management gateway	scope:	eq	version:	2010 client	Trust: 0.8
vendor:	microsoft	model:	forefront threat management gateway client	scope:	eq	version:	20100	Trust: 0.3
vendor:	microsoft	model:	forefront threat management gateway sp1	scope:	ne	version:	2010	Trust: 0.3
vendor:	microsoft	model:	forefront threat management gateway	scope:	ne	version:	20100	Trust: 0.3
vendor:	microsoft	model:	forefront threat management gateway medium business edit	scope:	ne	version:	-	Trust: 0.3

sources: BID: 48181 // JVNDB: JVNDB-2011-001742 // CNNVD: CNNVD-201106-120 // NVD: CVE-2011-1889

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-1889
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2011-1889
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201106-120
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-49834
value:	HIGH
Trust: 0.1
VULMON:	CVE-2011-1889
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2011-1889
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-49834
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2011-1889
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-49834 // VULMON: CVE-2011-1889 // JVNDB: JVNDB-2011-001742 // CNNVD: CNNVD-201106-120 // NVD: CVE-2011-1889

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-49834 // JVNDB: JVNDB-2011-001742 // NVD: CVE-2011-1889

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201106-120

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201106-120

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001742

PATCH

title:	MS11-040	url:	http://www.microsoft.com/technet/security/bulletin/MS11-040.mspx	Trust: 0.8
title:	MS11-040	url:	http://www.microsoft.com/japan/technet/security/bulletin/MS11-040.mspx	Trust: 0.8
title:	MS11-040e	url:	http://www.microsoft.com/japan/security/bulletins/MS11-040e.mspx	Trust: 0.8
title:	TA11-165A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta11-165a.html	Trust: 0.8
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1

sources: VULMON: CVE-2011-1889 // JVNDB: JVNDB-2011-001742

EXTERNAL IDS

db:	NVD	id:	CVE-2011-1889	Trust: 2.9
db:	SECUNIA	id:	44857	Trust: 2.7
db:	BID	id:	48181	Trust: 2.3
db:	SECTRACK	id:	1025637	Trust: 2.0
db:	USCERT	id:	TA11-165A	Trust: 0.9
db:	USCERT	id:	SA11-165A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-001742	Trust: 0.8
db:	CNNVD	id:	CNNVD-201106-120	Trust: 0.7
db:	NSFOCUS	id:	16997	Trust: 0.6
db:	VULHUB	id:	VHN-49834	Trust: 0.1
db:	VULMON	id:	CVE-2011-1889	Trust: 0.1
db:	PACKETSTORM	id:	102289	Trust: 0.1
db:	PACKETSTORM	id:	102285	Trust: 0.1

sources: VULHUB: VHN-49834 // VULMON: CVE-2011-1889 // BID: 48181 // JVNDB: JVNDB-2011-001742 // PACKETSTORM: 102289 // PACKETSTORM: 102285 // CNNVD: CNNVD-201106-120 // NVD: CVE-2011-1889

REFERENCES

url:	http://secunia.com/advisories/44857	Trust: 2.6
url:	http://www.securityfocus.com/bid/48181	Trust: 2.1
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040	Trust: 1.2
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12642	Trust: 1.2
url:	http://www.securitytracker.com/id?1025637	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/67736	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1889	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2011/at110016.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnta11-165a	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1889	Trust: 0.8
url:	http://www.securitytracker.com/id/1025637	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa11-165a.html	Trust: 0.8
url:	http://www.us-cert.gov/cas/techalerts/ta11-165a.html	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/#topics	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/16997	Trust: 0.6
url:	http://www.microsoft.com/technet/security/bulletin/ms11-040.mspx	Trust: 0.4
url:	http://www.microsoft.com/forefront/threat-management-gateway/en/us/default.aspx	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=22892	Trust: 0.1
url:	https://github.com/ostorlab/kev	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta11-165a.html>	Trust: 0.1
url:	http://secunia.com/advisories/44857/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://conference.first.org/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=44857	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/44857/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

The vendor

Trust: 0.3

sources: BID: 48181

SOURCES

db:	VULHUB	id:	VHN-49834
db:	VULMON	id:	CVE-2011-1889
db:	BID	id:	48181
db:	JVNDB	id:	JVNDB-2011-001742
db:	PACKETSTORM	id:	102289
db:	PACKETSTORM	id:	102285
db:	CNNVD	id:	CNNVD-201106-120
db:	NVD	id:	CVE-2011-1889

LAST UPDATE DATE

2024-12-20T22:31:00.889000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-49834	date:	2018-10-12T00:00:00
db:	VULMON	id:	CVE-2011-1889	date:	2018-10-12T00:00:00
db:	BID	id:	48181	date:	2011-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2011-001742	date:	2011-06-23T00:00:00
db:	CNNVD	id:	CNNVD-201106-120	date:	2011-06-17T00:00:00
db:	NVD	id:	CVE-2011-1889	date:	2024-12-19T18:50:04.540

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-49834	date:	2011-06-16T00:00:00
db:	VULMON	id:	CVE-2011-1889	date:	2011-06-16T00:00:00
db:	BID	id:	48181	date:	2011-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2011-001742	date:	2011-06-23T00:00:00
db:	PACKETSTORM	id:	102289	date:	2011-06-15T01:53:23
db:	PACKETSTORM	id:	102285	date:	2011-06-14T05:53:13
db:	CNNVD	id:	CNNVD-201106-120	date:	2011-06-16T00:00:00
db:	NVD	id:	CVE-2011-1889	date:	2011-06-16T20:55:02.543