CVE-2011-1889

CVE Database · CVE-2011-1889

CVE-2011-1889

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

48.37%

Published

Jun 16, 2011

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-119CWE-119

Affected Products (1)

microsoft · forefront_threat_management_gatewayvulnerable

References (13)

http://secunia.com/advisories/44857

Broken Link

http://www.securityfocus.com/bid/48181

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1025637

Broken LinkThird Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/67736

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs