CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
EPSS
Percentile
96.5%
Internet Explorer Memory Corruption Vulnerability
Recent assessments:
ccondon-r7 at April 05, 2021 1:20pm UTC reported:
There is now public threat intelligence that the Purple Fox exploit kit has incorporated this vulnerability and is exploiting it.
gwillcox-r7 at March 11, 2021 5:57pm UTC reported:
There is now public threat intelligence that the Purple Fox exploit kit has incorporated this vulnerability and is exploiting it.
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 4
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26411
enki.co.kr/blog/2021/02/04/ie_0day.html
googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-26411.html
krebsonsecurity.com/2021/03/microsoft-patch-tuesday-march-2021-edition/
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411
www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
EPSS
Percentile
96.5%