CVE-2011-1889
CRITICAL KEVMicrosoft Forefront Threat Management Gateway 2010 - Remote Code Execution via NSPLookupServiceNext
Title source: llmExploitation Summary
CVE-2011-1889 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022.
Description
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
References (7)
Core 7
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-1889
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025637
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67736
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48181
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44857
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642
Scores
CVSS v3
9.8
EPSS
0.8814
EPSS Percentile
99.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2022-03-03
VulnCheck KEV
2022-03-03
InTheWild.io
2022-03-03
ENISA EUVD
EUVD-2011-1887
CWE
CWE-119
Status
published
Products (1)
microsoft/forefront_threat_management_gateway
2010
Published
Jun 16, 2011
KEV Added
Mar 03, 2022
Tracked Since
Feb 18, 2026