CVE-2011-2000 — Heap-based Buffer Overflow in Microsoft Internet Explorer

CWE-122 — Heap-based Buffer Overflow17 documents8 sources

Severity

9.3CRITICALNVD

EPSS

36.6%

top 2.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedOct 12

Latest updateMay 13

Description

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer4 versions+3

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hrr3-r677-j752: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessi↗2022-05-13

▶

Kernel

namei: allow restricted O_CREAT of FIFOs and regular files↗2018-08-23

▶

💥Exploits & PoCs

Exploit-DB

NSHC Papyrus 2.0 - Heap Overflow↗2011-08-13

▶

Exploit-DB

Freefloat FTP Server 1.0 - 'MKD' Remote Buffer Overflow↗2011-07-17

▶

Exploit-DB

SimplyPlay 66 - '.pls' Local Buffer Overflow↗2011-04-14

▶

Exploit-DB

Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)↗2011-02-08

▶

Exploit-DB

Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)↗2011-02-08

▶

📋Vendor Advisories

Red Hat

jasper: heap buffer overflow in jpc_dec_cp_setfromcox() (rejected duplicate of CVE-2011-4516)↗2016-10-17

▶

Red Hat

jasper: insufficient memory allocation in jpc_crg_getparms() (rejected duplicate of CVE-2011-4517)↗2016-10-17

▶

Red Hat

jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)↗2011-12-08

▶

Red Hat

jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)↗2011-12-08

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 11-11-2011↗

▶

💬Community

Bugzilla

CVE-2011-4612 icecast2: Newline injection in error.log↗2011-12-15

▶