The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TMG

vulnerability note CVE-2011-1889

Microsoft Forefront TMG 2010 Client: code execution

Synthesis of the vulnerability

An attacker can invite the victim to send malicious queries via Microsoft Forefront Threat Management Gateway 2010 Client, in order to execute code on his computer.
Impacted products: Forefront Threat Management Gateway.
Severity: 4/4.
Consequences: administrator access/rights.
Provenance: internet server.
Creation date: 15/06/2011.
Identifiers: 2520426, BID-48181, CERTA-2011-AVI-348, CVE-2011-1889, MS11-040, VIGILANCE-VUL-10734.

Description of the vulnerability

The Microsoft Forefront Threat Management Gateway 2010 Client product can be installed on users' computers, and communicates with the firewall Microsoft Forefront Threat Management Gateway 2010 in order to filter queries before they are sent on the network.

The NSPLookupServiceBegin() and NSPLookupServiceNext() methods are used for WinSock resolution queries. They are used by Microsoft Forefront TMG 2010 Client. However, the NSPLookupServiceNext() method does not correctly validate the query, so an overflow occurs.

An attacker can therefore invite the victim to send malicious queries via Microsoft Forefront Threat Management Gateway 2010 Client, in order to execute code on his computer.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about TMG: