History: Jun 03, 2011 - 5:55 p.m.

CVE-2011-2383

2011-06-03 17:55:00
CWE-20
mitre
web.nvd.nist.gov
cve-2011-2383
microsoft
internet explorer
cross-zone
drag-and-drop
cookiejacking
information disclosure
vulnerability
nvd

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score: 6.1
Confidence: Low

EPSS: 0.023
Percentile: 89.7%

Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a “cookiejacking” issue, aka “Drag and Drop Information Disclosure Vulnerability.” NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.

Affected configurations

Nvd
Node
microsoft ie Match 9 beta
OR
microsoft internet_explorer Range ≤ 9
OR
microsoft internet_explorer Match 3.0
OR
microsoft internet_explorer Match 4.0
OR
microsoft internet_explorer Match 5
OR
microsoft internet_explorer Match 6
OR
microsoft internet_explorer Match 7
OR
microsoft internet_explorer Match 8

Vendor     Product            Version  CPE
microsoft  ie                 9        cpe:2.3:a:microsoft:ie:9:beta:*:*:*:*:*:*
microsoft  internet_explorer  *        cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
microsoft  internet_explorer  3.0      cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*
microsoft  internet_explorer  4.0      cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
microsoft  internet_explorer  5        cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
microsoft  internet_explorer  6        cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoft  internet_explorer  7        cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoft  internet_explorer  8        cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
