Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

Added: 06/19/2011
CVE: CVE-2011-2217
BID: 48099


Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools.


Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory, as used in VI Client (VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer. A remote attacker could execute arbitrary code or cause a denial of service (memory corruption) by enticing a user to open a specially crafted HTML document in Internet Explorer.


Upgrade or apply patches as described in VMware Security Advisory 2011-0009.



Exploit works on VMware VI Client

The user must open the exploit file in Internet Explorer 7 on the target system.



Back to exploit index