9.3
CVE-2011-1345
- EPSS 40.88%
- Veröffentlicht 10.03.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:29:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 40.88% | 0.985 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
http://twitter.com/aaronportnoy/statuses/45642180118855680
http://twitter.com/msftsecresponse/statuses/45646985998516224
http://www.securityfocus.com/bid/46821
http://www.securitytracker.com/id?1025327
http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
https://exchange.xforce.ibmcloud.com/vulnerabilities/66062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228
https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011