[email protected]CVE-2011-0094

HistoryApr 13, 2011 - 6:55 p.m.

CVE-2011-0094

2011-04-1318:55:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2011-0094

use-after-free vulnerability

microsoft internet explorer

remote code execution

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.958 High

EPSS

Percentile

99.4%

JSON

Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka “Layouts Handling Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq6
microsoft:internet_explorermicrosoft internet explorereq7

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	6
microsoft:internet_explorer	microsoft internet explorer	eq	7

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=900

www.securitytracker.com/id?1025327

www.us-cert.gov/cas/techalerts/TA11-102A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12463

Social References

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.958 High

EPSS

Percentile

99.4%

JSON

Related for CVE-2011-0094

prion1 securityvulns3 checkpoint_advisories1 seebug1 threatpost2 nessus1 openvas2