Unrated severityNVD Advisory· Published Jun 6, 2011· Updated Apr 29, 2026

CVE-2011-2217

Description

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.

Affected products

Tomsawyer/Get Extension Factory
cpe:2.3:a:tomsawyer:get_extension_factory:5.5.2.237:*:*:*:*:*:*:*
VMware/Infrastructure
cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*
VMware/Virtual Infrastructure Client2 versions
cpe:2.3:a:vmware:virtual_infrastructure_client:2.0.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:vmware:virtual_infrastructure_client:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:virtual_infrastructure_client:2.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/44826nvdVendor Advisory
www.vmware.com/security/advisories/VMSA-2011-0009.htmlnvdVendor Advisory
labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
secunia.com/advisories/44844nvd
securitytracker.com/idnvd
www.securityfocus.com/bid/48099nvd
exchange.xforce.ibmcloud.com/vulnerabilities/67816nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.070
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000