CVE-2011-1889

critical Microsoft ⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
85.4%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: June 16, 2011 (5446 days ago)
Last Modified: April 22, 2026
Vendor: Microsoft
Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2022-03-03
Remediation Due: 2022-03-24 (⚠ 1513d overdue)

Description

The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."

CWE

CWE-119

Affected Products

microsoft forefront threat management gateway

References

🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 docs.microsoft.com 🔗 exchange.xforce.ibmcloud.com