9.3

CVE-2011-1345

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 40.88% 0.985
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
http://twitter.com/aaronportnoy/statuses/45642180118855680
http://twitter.com/msftsecresponse/statuses/45646985998516224
http://www.securityfocus.com/bid/46821
http://www.securitytracker.com/id?1025327
http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
https://exchange.xforce.ibmcloud.com/vulnerabilities/66062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228
https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011