CVE-2011-0094 — Out-of-bounds Write in Microsoft Internet Explorer

CWE-3998 documents7 sources

Severity

9.3CRITICALNVD

EPSS

59.9%

top 1.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedApr 13

Latest updateMay 13

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6, 7+1

🔴Vulnerability Details

GHSA

GHSA-6hf6-rvjw-mcvv: Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1)↗2022-05-13

▶

VulnCheck

Microsoft Internet Explorer 6 and 7 Layouts Handling Memory Corruption Vulnerability↗2011

▶

📋Vendor Advisories

Red Hat

squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)↗2011-08-28

▶

🕵️Threat Intelligence

Krebs

In a Zero-Day World, It’s Active Attacks that Matter – Krebs on Security↗2012-10-01

▶

Krebs

In a Zero-Day World, It’s Active Attacks that Matter↗2012-10-01

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 04-12-2011↗

▶

💬Community

Bugzilla

CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)↗2011-08-30

▶