5.8

CVE-2011-1244

Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version6
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
MicrosoftInternet Explorer Version7
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2008 Version- Update-
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Vista Version- Updatesp1
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
MicrosoftInternet Explorer Version8
   MicrosoftWindows 7 Version-
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2008 Version- Update-
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Server 2008 Versionr2
   MicrosoftWindows Vista Version- Updatesp1
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.14% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
Patch
Vendor Advisory
http://www.securitytracker.com/id?1025327
Third Party Advisory
Broken Link
VDB Entry
http://osvdb.org/71777
Broken Link
http://www.securityfocus.com/bid/47191
Third Party Advisory
Broken Link
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11926
Tool Signature