Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-003.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx
Insight
Multiple flaws are caused by memory corruptions, uninitialized memory and insecure library loading errors when processing certain HTML or JavaScript data, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a malicious web page.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x
References
Severity
Classification
-
CVE CVE-2010-3971, CVE-2011-0035, CVE-2011-0036, CVE-2011-0038 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
- Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
- Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
- Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability