Back
CVE-2011-1889
CRITICAL
CISA KEV
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
Published: Jun 16, 2011
Modified: Apr 22, 2026
CWE-119
CWE-119
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (1)
| Vendor | Product | Version |
|---|---|---|
| microsoft | forefront_threat_management_gateway | 2010 |
GitHub Security Advisory GHSA-v7xg-xv38-f34w
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway ...
References (13)
- http://secunia.com/advisories/44857 Broken Link
- http://www.securityfocus.com/bid/48181 Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1025637 Broken Link, Third Party Advisory, VDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040 Patch, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67736 Third Party Advisory, VDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642 Broken Link
- http://secunia.com/advisories/44857 Broken Link
- http://www.securityfocus.com/bid/48181 Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1025637 Broken Link, Third Party Advisory, VDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-040 Patch, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67736 Third Party Advisory, VDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12642 Broken Link
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-1889 US Government Resource
Risk Scores
CVSS Score
9.8 / 10
EPSS Score
88.14%
Top 0% most likely to be exploited
Threat Score
95.6 / 100
CISA Known Exploited
Date Added:
2022-03-03
Due Date:
2022-03-24
Required Action:
Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS
GitHub