CVE-2011-2382

EPSS 33.88%
Published 03.06.2011 17:55:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Ie Version9 Updatebeta

Microsoft ≫ Internet Explorer Version <= 8

Microsoft ≫ Internet Explorer Version3.0

Microsoft ≫ Internet Explorer Version3.0.1

Microsoft ≫ Internet Explorer Version3.0.2

Microsoft ≫ Internet Explorer Version3.1

Microsoft ≫ Internet Explorer Version3.2

Microsoft ≫ Internet Explorer Version4.0

Microsoft ≫ Internet Explorer Version4.0.1

Microsoft ≫ Internet Explorer Version4.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version4.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version4.01

Microsoft ≫ Internet Explorer Version4.1

Microsoft ≫ Internet Explorer Version4.01 Updatesp1

Microsoft ≫ Internet Explorer Version4.5

Microsoft ≫ Internet Explorer Version4.40.308

Microsoft ≫ Internet Explorer Version4.40.520

Microsoft ≫ Internet Explorer Version4.70.1155

Microsoft ≫ Internet Explorer Version4.70.1158

Microsoft ≫ Internet Explorer Version4.70.1215

Microsoft ≫ Internet Explorer Version4.70.1300

Microsoft ≫ Internet Explorer Version4.71.544

Microsoft ≫ Internet Explorer Version4.71.1008.3

Microsoft ≫ Internet Explorer Version4.71.1712.6

Microsoft ≫ Internet Explorer Version4.72.2106.8

Microsoft ≫ Internet Explorer Version4.72.3110.8

Microsoft ≫ Internet Explorer Version4.72.3612.1713

Microsoft ≫ Internet Explorer Version5

Microsoft ≫ Internet Explorer Version5.0

Microsoft ≫ Internet Explorer Version5.0.1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp3

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp4

Microsoft ≫ Internet Explorer Version5.00.0518.10

Microsoft ≫ Internet Explorer Version5.00.0910.1309

Microsoft ≫ Internet Explorer Version5.00.2014.0216

Microsoft ≫ Internet Explorer Version5.00.2314.1003

Microsoft ≫ Internet Explorer Version5.00.2516.1900

Microsoft ≫ Internet Explorer Version5.00.2614.3500

Microsoft ≫ Internet Explorer Version5.00.2919.800

Microsoft ≫ Internet Explorer Version5.00.2919.3800

Microsoft ≫ Internet Explorer Version5.00.2919.6307

Microsoft ≫ Internet Explorer Version5.00.2920.0000

Microsoft ≫ Internet Explorer Version5.00.3103.1000

Microsoft ≫ Internet Explorer Version5.00.3105.0106

Microsoft ≫ Internet Explorer Version5.00.3314.2101

Microsoft ≫ Internet Explorer Version5.00.3315.1000

Microsoft ≫ Internet Explorer Version5.00.3502.1000

Microsoft ≫ Internet Explorer Version5.00.3700.1000

Microsoft ≫ Internet Explorer Version5.01

Microsoft ≫ Internet Explorer Version5.1

Microsoft ≫ Internet Explorer Version5.01 Updatesp1

Microsoft ≫ Internet Explorer Version5.01 Updatesp2

Microsoft ≫ Internet Explorer Version5.01 Updatesp3

Microsoft ≫ Internet Explorer Version5.01 Updatesp4

Microsoft ≫ Internet Explorer Version5.2.3

Microsoft ≫ Internet Explorer Version5.5

Microsoft ≫ Internet Explorer Version5.5 Updatepreview

Microsoft ≫ Internet Explorer Version5.5 Updatesp1

Microsoft ≫ Internet Explorer Version5.5 Updatesp2

Microsoft ≫ Internet Explorer Version5.50.3825.1300

Microsoft ≫ Internet Explorer Version5.50.4030.2400

Microsoft ≫ Internet Explorer Version5.50.4134.0100

Microsoft ≫ Internet Explorer Version5.50.4134.0600

Microsoft ≫ Internet Explorer Version5.50.4308.2900

Microsoft ≫ Internet Explorer Version5.50.4522.1800

Microsoft ≫ Internet Explorer Version5.50.4807.2300

Microsoft ≫ Internet Explorer Version6

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Internet Explorer Version6.0

Microsoft ≫ Internet Explorer Version6.00.2462.0000

Microsoft ≫ Internet Explorer Version6.00.2479.0006

Microsoft ≫ Internet Explorer Version6.0.2600

Microsoft ≫ Internet Explorer Version6.00.2600.0000

Microsoft ≫ Internet Explorer Version6.0.2800

Microsoft ≫ Internet Explorer Version6.0.2800.1106

Microsoft ≫ Internet Explorer Version6.00.2800.1106

Microsoft ≫ Internet Explorer Version6.0.2900

Microsoft ≫ Internet Explorer Version6.0.2900.2180

Microsoft ≫ Internet Explorer Version6.00.2900.2180

Microsoft ≫ Internet Explorer Version6.00.3663.0000

Microsoft ≫ Internet Explorer Version6.00.3718.0000

Microsoft ≫ Internet Explorer Version6.00.3790.0000

Microsoft ≫ Internet Explorer Version6.00.3790.1830

Microsoft ≫ Internet Explorer Version6.00.3790.3959

Microsoft ≫ Internet Explorer Version7

Microsoft ≫ Internet Explorer Version7.0

Microsoft ≫ Internet Explorer Version7.0 Updatebeta

Microsoft ≫ Internet Explorer Version7.0 Updatebeta1

Microsoft ≫ Internet Explorer Version7.0 Updatebeta2

Microsoft ≫ Internet Explorer Version7.0 Updatebeta3

Microsoft ≫ Internet Explorer Version7.0.5730 Updateunknown Editiongold

Microsoft ≫ Internet Explorer Version7.0.5730.11

Microsoft ≫ Internet Explorer Version7.00.5730.1100

Microsoft ≫ Internet Explorer Version7.00.6000.16386

Microsoft ≫ Internet Explorer Version7.00.6000.16441

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	33.88%	0.968

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388

http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt

http://news.cnet.com/8301-1009_3-20066419-83.html

http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/

http://www.informationweek.com/news/security/vulnerabilities/229700031

http://www.networkworld.com/community/node/74259

http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/

http://www.youtube.com/watch?v=V95CX-3JpK0

http://www.youtube.com/watch?v=VsSkcnIFCxM

https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt

https://nvd.nist.gov/vuln/detail/CVE-2011-2382

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2382

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2382

EUVD