Lucene search

K
cveMitreCVE-2011-1345
HistoryMar 10, 2011 - 8:55 p.m.

CVE-2011-1345

2011-03-1020:55:01
mitre
web.nvd.nist.gov
35
microsoft
internet explorer
memory corruption
cve-2011-1345
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.95

Percentile

99.3%

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka β€œObject Management Memory Corruption Vulnerability.”

Affected configurations

Nvd
Node
microsoftinternet_explorerMatch8
AND
microsoftwindows_7
VendorProductVersionCPE
microsoftinternet_explorer8cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
microsoftwindows_7*cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.95

Percentile

99.3%