| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.4 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as problematic has been found in Microsoft Internet Explorer. Affected is an unknown function in the library DATIME.DLL. The manipulation results in code injection. This vulnerability is identified as CVE-2011-3397. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.
Details
A vulnerability, which was classified as critical, was found in Microsoft Internet Explorer (Web Browser) (the affected version unknown). Affected is an unknown part in the library DATIME.DLL. The manipulation with an unknown input leads to a code injection vulnerability. CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
The weakness was released 12/13/2011 by iDefense Labs with VeriSign iDefense Labs as MS11-090 as confirmed bulletin (Technet). The advisory is shared for download at technet.microsoft.com. This vulnerability is traded as CVE-2011-3397 since 09/09/2011. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Successful exploitation requires user interaction by the victim. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 01/06/2025). It is expected to see the exploit prices for this product decreasing in the near future.The MITRE ATT&CK project declares the attack technique as T1059.
The vulnerability scanner Nessus provides a plugin with the ID 902598 , which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90761 (Microsoft Cumulative Security Update of ActiveX Kill Bits (MS11-090)).
Applying the patch MS11-090 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 12020.
The vulnerability is also documented in the databases at X-Force (71548), Tenable (902598), SecurityFocus (BID 50970†), OSVDB (77665†) and Secunia (SA47099†). Entry connected to this vulnerability is available at VDB-4447. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
License
Support
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.8VulDB Meta Temp Score: 8.4
VulDB Base Score: 8.8
VulDB Temp Score: 8.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Code injectionCWE: CWE-94 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 902598
Nessus File: 🔍
Nessus Risk: 🔍
OpenVAS ID: 902598
OpenVAS Name: Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS11-090
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
09/09/2011 🔍12/13/2011 🔍
12/13/2011 🔍
12/13/2011 🔍
12/13/2011 🔍
12/13/2011 🔍
12/14/2011 🔍
12/14/2011 🔍
01/21/2012 🔍
01/06/2025 🔍
Sources
Vendor: microsoft.comAdvisory: MS11-090
Researcher: iDefense Labs
Organization: VeriSign iDefense Labs
Status: Confirmed
CVE: CVE-2011-3397 (🔍)
GCVE (CVE): GCVE-0-2011-3397
GCVE (VulDB): GCVE-100-4476
OVAL: 🔍
IAVM: 🔍
X-Force: 71548
SecurityFocus: 50970 - Microsoft Windows Time Component Remote Code Execution Vulnerability
Secunia: 47099 - Microsoft Time ActiveX Control Use-After-Free Vulnerability, Highly Critical
OSVDB: 77665
Vulnerability Center: 34016 - [MS11-090] Microsoft Windows XP and Server 2003 Time Remote Code Execution via a crafted Web Site, Medium
See also: 🔍
Entry
Created: 01/21/2012 01:00Updated: 01/06/2025 07:33
Changes: 01/21/2012 01:00 (76), 04/07/2017 12:02 (13), 01/06/2025 07:33 (17)
Complete: 🔍
Cache ID: 216:255:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.