[email protected]CVE-2011-0347

HistoryJan 07, 2011 - 11:00 p.m.

CVE-2011-0347

2011-01-0723:00:20

[email protected]

web.nvd.nist.gov

cve-2011-0347

microsoft

internet explorer

windows xp

dom implementation

cross_fuzz

gui display

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.7%

JSON

Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.

Affected configurations

NVD

Node

microsoftinternet_explorer

AND

microsoftwindows_xp

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq*

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	*

References

archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html

blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html

lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt

lcamtuf.coredump.cx/cross_fuzz/msie_display.jpg

www.microsoft.com/technet/security/advisory/2490606.mspx

www.securityfocus.com/archive/1/515506/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/64571

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12514

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.7%

JSON

Related for CVE-2011-0347

openvas4 nvd1 prion1 cvelist1