Vulnerability Database

300,214

Total vulnerabilities in the database

CVE-2011-1266

The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."

Published: Jun 16, 2011
Updated: Nov 9, 2025
CVE: CVE-2011-1266
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-908

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	6	6.x
microsoft / internet_explorer	7	7.x
microsoft / internet_explorer	8	8.x

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12593

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo