CVE-2011-2217

Tom Sawyer GET Extension Factory <5.5.2.237 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-2217. PoCs published by Metasploit, Elazar Broad, rgod, juan vazquez, including Metasploit module exploits/windows/browser/tom_sawyer_tsgetx71ex552.

AI-analyzed exploit summary This Metasploit module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory. It achieves DEP and ASLR bypass using a ROP chain from msvcr71.dll and targets specific versions of Internet Explorer on Windows XP and Windows 7.

Description

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/19030

This Metasploit module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory. It achieves DEP and ASLR bypass using a ROP chain from msvcr71.dll and targets specific versions of Internet Explorer on Windows XP and Windows 7.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Tom Sawyer GET Extension Factory (tsgetx71ex553.dll 5.5.3.238)
No auth needed
Prerequisites: Victim must be using a vulnerable version of Internet Explorer (6.0 to 8.0) and have the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Elazar Broad, rgod, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb

This Metasploit module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control due to incorrect initialization in Internet Explorer. It uses a ROP chain to bypass DEP and ASLR, targeting specific versions of Windows and IE.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Tom Sawyer GET Extension Factory (tsgetx71ex553.dll 5.5.3.238)
No auth needed
Prerequisites: Victim must be using a vulnerable version of Internet Explorer (6-8) on Windows XP or Windows 7 · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67816
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=911
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44844
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48099
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44826
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025602

Scores

EPSS 0.4196
EPSS Percentile 98.5%

Details

CWE
CWE-119
Status published
Products (4)
tomsawyer/get_extension_factory 5.5.2.237
vmware/infrastructure 3
vmware/virtual_infrastructure_client 2.0.2
vmware/virtual_infrastructure_client 2.5
Published Jun 06, 2011
Tracked Since Feb 18, 2026