3 matches found
Microsoft Internet Explorer 保护模式绕过漏洞(Pwn2Own)
CVE ID:CVE-2011-1347 Microsoft Internet Explorer是一款流行的WEB浏览器。 Internet Explorer保护模式由中等完整性级别和低完整性级别的进程组成。低完整性进程只允许向特定低完整性位置写文件,写入的文件会被标记为低完整性文件。当启动一个新的Internet Explorer进程时会对启动的文件进行完整性级别检查,如果文件属于低完整性级别文件,那么会运行在低完整性模式下。但是如果给定某个文件更低的权限,应用程序在检查过程中由于不匹配'Low Integrity',导致会以中级完整性级别运行之。攻击者可以利用此漏洞绕过保护模式提升特...
MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049)
The remote host is missing Internet Explorer IE Security Update 2559049. The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55787...
CVE-2011-1347
Microsoft Internet Explorer 8 on Windows 7 is affected by a Protected Mode bypass vulnerability (CVE-2011-1347) that allowed an attacker to create arbitrary files by leveraging access to a Low integrity process, demonstrated during Pwn2Own 2011 by Stephen Fewer as the third of three chained vulne...