What is CVE-2011-2217?

CVE-2011-2217 is a vulnerability in Tomsawyer Get_extension_factory, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-06-06.

Is CVE-2011-2217 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Tomsawyer Get_extension_factory

CVE-2011-2217

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VM…

Vulnerability class: Buffer Overflow

EPSS: 0.881 (99.5th percentile) — read the EPSS interpretation.

Affected products

Tomsawyer Get_extension_factory — versions 5.5.2.237
Vmware Infrastructure — versions 3
Vmware Virtual_infrastructure_client — versions 2.0.2, 2.5
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

vmware-viclient-code-exec(67816) (vdb-entry, x_refsource_XF)
20110603 Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability (x_refsource_IDEFENSE, third-party-advisory)
44844 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
48099 (vdb-entry, x_refsource_BID)
44826 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
1025602 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2011-2217?: CVE-2011-2217 is a vulnerability in Tomsawyer Get_extension_factory, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-06-06.
Is CVE-2011-2217 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.