7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.933 High
EPSS
Percentile
98.8%
Internet Explorer Memory Corruption Vulnerability
Recent assessments:
ccondon-r7 at April 05, 2021 1:20pm UTC reported:
There is now public threat intelligence that the Purple Fox exploit kit has incorporated this vulnerability and is exploiting it.
gwillcox-r7 at March 11, 2021 5:57pm UTC reported:
There is now public threat intelligence that the Purple Fox exploit kit has incorporated this vulnerability and is exploiting it.
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 4
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26411
enki.co.kr/blog/2021/02/04/ie_0day.html
googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-26411.html
krebsonsecurity.com/2021/03/microsoft-patch-tuesday-march-2021-edition/
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411
www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.933 High
EPSS
Percentile
98.8%