CVE-2011-1243

Windows XP - Remote Code Execution via Messenger ActiveX Control

Title source: llm
STIX 2.1

Description

The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability."

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12524
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47197
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/71788
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44159

Scores

EPSS 0.2932
EPSS Percentile 98.0%

Details

CWE
CWE-119
Status published
Products (1)
microsoft/windows_xp (2 CPE variants)
Published Apr 13, 2011
Tracked Since Feb 18, 2026