Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-057.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx
Insight
Multiple flaws are due to, the way Internet Explorer handles objects in memory, handles JavaScript event handlers, accesses files stored in the local machine, renders data during certain processes and the way the telnet handler executes the associated application.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x
References
Severity
Classification
-
CVE CVE-2011-1257, CVE-2011-1960, CVE-2011-1961, CVE-2011-1962, CVE-2011-1963, CVE-2011-1964, CVE-2011-2383 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (939653)
- Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
- Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
- Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
- Checks for MS HOTFIX for snmp buffer overruns