Vulnerability Description
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Metasploit | Metasploit Framework | 3.5.1 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://blog.metasploit.com/2011/02/metasploit-framework-352-released.html
- http://osvdb.org/70857
- http://secunia.com/advisories/43166Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0371Vendor Advisory
- http://blog.metasploit.com/2011/02/metasploit-framework-352-released.html
- http://osvdb.org/70857
- http://secunia.com/advisories/43166Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0371Vendor Advisory
FAQ
What is CVE-2011-1056?
CVE-2011-1056 is a vulnerability with a CVSS score of 6.2 (MEDIUM). The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replaci...
How severe is CVE-2011-1056?
CVE-2011-1056 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1056?
Check the references section above for vendor advisories and patch information. Affected products include: Metasploit Metasploit Framework, Microsoft Windows.