CVE-2011-1997

EPSS 32.91%
Published 12.10.2011 02:52:43
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version6

   Microsoft ≫ Windows 2003 Server Updatesp2
   Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium
   Microsoft ≫ Windows Server 2003 Updatesp2
   Microsoft ≫ Windows Xp Updatesp3
   Microsoft ≫ Windows Xp Version- Updatesp2 Editionx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	32.91%	0.968

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13204

https://nvd.nist.gov/vuln/detail/CVE-2011-1997

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1997

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1997

EUVD