cvelistv5 - cve-2011-1345

CVE-2011-1345 (GCVE-0-2011-1345)

Vulnerability from cvelistv5 – Published: 2011-03-10 20:00 – Updated: 2024-08-06 22:21

Summary

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	third-party-advisoryx_refsource_CERT
	http://twitter.com/msftsecresponse/statuses/45646…	x_refsource_MISC
	http://twitter.com/aaronportnoy/statuses/45642180…	x_refsource_MISC
	http://www.securitytracker.com/id?1025327	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://dvlabs.tippingpoint.com/blog/2011/02/02/pw…	x_refsource_MISC
	http://www.computerworld.com/s/article/9214002/Sa…	x_refsource_MISC
	http://www.securityfocus.com/bid/46821	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://threatpost.com/en_us/blogs/pwn2own-winner…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.zdnet.com/blog/security/pwn2own-2011-i…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:21:34.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA11-102A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://twitter.com/msftsecresponse/statuses/45646985998516224"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://twitter.com/aaronportnoy/statuses/45642180118855680"
          },
          {
            "name": "1025327",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025327"
          },
          {
            "name": "MS11-018",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
          },
          {
            "name": "46821",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46821"
          },
          {
            "name": "oval:org.mitre.oval:def:12228",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
          },
          {
            "name": "ms-ie-unspec-code-exec(66062)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "TA11-102A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://twitter.com/msftsecresponse/statuses/45646985998516224"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://twitter.com/aaronportnoy/statuses/45642180118855680"
        },
        {
          "name": "1025327",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025327"
        },
        {
          "name": "MS11-018",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
        },
        {
          "name": "46821",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46821"
        },
        {
          "name": "oval:org.mitre.oval:def:12228",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
        },
        {
          "name": "ms-ie-unspec-code-exec(66062)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA11-102A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
            },
            {
              "name": "http://twitter.com/msftsecresponse/statuses/45646985998516224",
              "refsource": "MISC",
              "url": "http://twitter.com/msftsecresponse/statuses/45646985998516224"
            },
            {
              "name": "http://twitter.com/aaronportnoy/statuses/45642180118855680",
              "refsource": "MISC",
              "url": "http://twitter.com/aaronportnoy/statuses/45642180118855680"
            },
            {
              "name": "1025327",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025327"
            },
            {
              "name": "MS11-018",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
            },
            {
              "name": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own",
              "refsource": "MISC",
              "url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
            },
            {
              "name": "46821",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46821"
            },
            {
              "name": "oval:org.mitre.oval:def:12228",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
            },
            {
              "name": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011",
              "refsource": "MISC",
              "url": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
            },
            {
              "name": "ms-ie-unspec-code-exec(66062)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
            },
            {
              "name": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367",
              "refsource": "MISC",
              "url": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1345",
    "datePublished": "2011-03-10T20:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:21:34.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A52E757F-9B41-43B4-9D67-3FEDACA71283\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D56B932B-9593-44E2-B610-E4EB2143EB21\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \\\"Object Management Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad sin especificar en Microsoft Internet Explorer 8 en Windows 7 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de vectores de ataque desconocidos, como ha demostrado Stephen Fewer con la primera de las tres vulnerabilidades encadenadas durante el concurso Pwn2Own en la CanSecWest 2011.\"}]",
      "id": "CVE-2011-1345",
      "lastModified": "2024-11-21T01:26:07.663",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-03-10T20:55:01.313",
      "references": "[{\"url\": \"http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://twitter.com/aaronportnoy/statuses/45642180118855680\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://twitter.com/msftsecresponse/statuses/45646985998516224\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/46821\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1025327\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66062\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://twitter.com/aaronportnoy/statuses/45642180118855680\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://twitter.com/msftsecresponse/statuses/45646985998516224\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/46821\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025327\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1345\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-03-10T20:55:01.313\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \\\"Object Management Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad sin especificar en Microsoft Internet Explorer 8 en Windows 7 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores de ataque desconocidos, como ha demostrado Stephen Fewer con la primera de las tres vulnerabilidades encadenadas durante el concurso Pwn2Own en la CanSecWest 2011.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52E757F-9B41-43B4-9D67-3FEDACA71283\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56B932B-9593-44E2-B610-E4EB2143EB21\"}]}]}],\"references\":[{\"url\":\"http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://twitter.com/aaronportnoy/statuses/45642180118855680\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://twitter.com/msftsecresponse/statuses/45646985998516224\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/46821\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1025327\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/66062\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://twitter.com/aaronportnoy/statuses/45642180118855680\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://twitter.com/msftsecresponse/statuses/45646985998516224\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46821\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/66062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-201

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été corrigées dans le navigateur Internet Explorer. L'exploitation de ces vulnérabilités peut permettre à une personne malveillante de porter atteinte à la confidentialité des données ou d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérablités dans Internet Explorer peuvent être exploitées afin de porter atteinte à la confidentialité des données ou d'exécuter du code arbitraire au moyen d'un page Web spécialement construite.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Internet Explorer 8.
N/A	N/A	Internet Explorer 7 ;
N/A	N/A	Internet Explorer 6 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-018 du 12 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rablit\u00e9s dans Internet Explorer peuvent \u00eatre exploit\u00e9es\nafin de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ou d\u0027ex\u00e9cuter\ndu code arbitraire au moyen d\u0027un page Web sp\u00e9cialement construite.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0094"
    },
    {
      "name": "CVE-2011-0343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0343"
    },
    {
      "name": "CVE-2011-1245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1245"
    },
    {
      "name": "CVE-2011-1244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1244"
    },
    {
      "name": "CVE-2011-1345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1345"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-201",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le navigateur Internet\nExplorer. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut permettre \u00e0 une\npersonne malveillante de porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-018 du 12 avril 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-018.mspx"
    }
  ]
}

CERTA-2011-AVI-201

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Internet Explorer 8.
N/A	N/A	Internet Explorer 7 ;
N/A	N/A	Internet Explorer 6 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-018 du 12 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rablit\u00e9s dans Internet Explorer peuvent \u00eatre exploit\u00e9es\nafin de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ou d\u0027ex\u00e9cuter\ndu code arbitraire au moyen d\u0027un page Web sp\u00e9cialement construite.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0094"
    },
    {
      "name": "CVE-2011-0343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0343"
    },
    {
      "name": "CVE-2011-1245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1245"
    },
    {
      "name": "CVE-2011-1244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1244"
    },
    {
      "name": "CVE-2011-1345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1345"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-201",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le navigateur Internet\nExplorer. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut permettre \u00e0 une\npersonne malveillante de porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-018 du 12 avril 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-018.mspx"
    }
  ]
}

GHSA-MX8G-6G6Q-2P9C

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1345"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-03-10T20:55:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\"",
  "id": "GHSA-mx8g-6g6q-2p9c",
  "modified": "2022-05-13T01:07:45Z",
  "published": "2022-05-13T01:07:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1345"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
    },
    {
      "type": "WEB",
      "url": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
    },
    {
      "type": "WEB",
      "url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
    },
    {
      "type": "WEB",
      "url": "http://twitter.com/aaronportnoy/statuses/45642180118855680"
    },
    {
      "type": "WEB",
      "url": "http://twitter.com/msftsecresponse/statuses/45646985998516224"
    },
    {
      "type": "WEB",
      "url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46821"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025327"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-1345

Vulnerability from fkie_nvd - Published: 2011-03-10 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
cve@mitre.org	http://twitter.com/aaronportnoy/statuses/45642180118855680
cve@mitre.org	http://twitter.com/msftsecresponse/statuses/45646985998516224
cve@mitre.org	http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
cve@mitre.org	http://www.securityfocus.com/bid/46821
cve@mitre.org	http://www.securitytracker.com/id?1025327
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	US Government Resource
cve@mitre.org	http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/66062
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228
cve@mitre.org	https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011
af854a3a-2127-422b-91ae-364da2661108	http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
af854a3a-2127-422b-91ae-364da2661108	http://twitter.com/aaronportnoy/statuses/45642180118855680
af854a3a-2127-422b-91ae-364da2661108	http://twitter.com/msftsecresponse/statuses/45646985998516224
af854a3a-2127-422b-91ae-364da2661108	http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46821
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025327
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66062
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228
af854a3a-2127-422b-91ae-364da2661108	https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011

Impacted products

	Vendor	Product	Version
	microsoft	internet_explorer	8
	microsoft	windows_7	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Microsoft Internet Explorer 8 en Windows 7 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores de ataque desconocidos, como ha demostrado Stephen Fewer con la primera de las tres vulnerabilidades encadenadas durante el concurso Pwn2Own en la CanSecWest 2011."
    }
  ],
  "id": "CVE-2011-1345",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-03-10T20:55:01.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://twitter.com/aaronportnoy/statuses/45642180118855680"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://twitter.com/msftsecresponse/statuses/45646985998516224"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/46821"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025327"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://twitter.com/aaronportnoy/statuses/45642180118855680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://twitter.com/msftsecresponse/statuses/45646985998516224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-1345

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1345

Aliases

CVE-2011-1345

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1345",
    "description": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\"",
    "id": "GSD-2011-1345"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1345"
      ],
      "details": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\"",
      "id": "GSD-2011-1345",
      "modified": "2023-12-13T01:19:07.917817Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-1345",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA11-102A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
          },
          {
            "name": "http://twitter.com/msftsecresponse/statuses/45646985998516224",
            "refsource": "MISC",
            "url": "http://twitter.com/msftsecresponse/statuses/45646985998516224"
          },
          {
            "name": "http://twitter.com/aaronportnoy/statuses/45642180118855680",
            "refsource": "MISC",
            "url": "http://twitter.com/aaronportnoy/statuses/45642180118855680"
          },
          {
            "name": "1025327",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025327"
          },
          {
            "name": "MS11-018",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
          },
          {
            "name": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011",
            "refsource": "MISC",
            "url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
          },
          {
            "name": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own",
            "refsource": "MISC",
            "url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
          },
          {
            "name": "46821",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46821"
          },
          {
            "name": "oval:org.mitre.oval:def:12228",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
          },
          {
            "name": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011",
            "refsource": "MISC",
            "url": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
          },
          {
            "name": "ms-ie-unspec-code-exec(66062)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
          },
          {
            "name": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367",
            "refsource": "MISC",
            "url": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1345"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka \"Object Management Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://twitter.com/msftsecresponse/statuses/45646985998516224",
              "refsource": "MISC",
              "tags": [],
              "url": "http://twitter.com/msftsecresponse/statuses/45646985998516224"
            },
            {
              "name": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011",
              "refsource": "MISC",
              "tags": [],
              "url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
            },
            {
              "name": "http://twitter.com/aaronportnoy/statuses/45642180118855680",
              "refsource": "MISC",
              "tags": [],
              "url": "http://twitter.com/aaronportnoy/statuses/45642180118855680"
            },
            {
              "name": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
            },
            {
              "name": "46821",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46821"
            },
            {
              "name": "1025327",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025327"
            },
            {
              "name": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011",
              "refsource": "MISC",
              "tags": [],
              "url": "https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011"
            },
            {
              "name": "TA11-102A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
            },
            {
              "name": "ms-ie-unspec-code-exec(66062)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66062"
            },
            {
              "name": "oval:org.mitre.oval:def:12228",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228"
            },
            {
              "name": "MS11-018",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-07-23T15:12Z",
      "publishedDate": "2011-03-10T20:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1345 (GCVE-0-2011-1345)

CERTA-2011-AVI-201

Description

Solution

CERTA-2011-AVI-201

Description

Solution

GHSA-MX8G-6G6Q-2P9C

FKIE_CVE-2011-1345

GSD-2011-1345

Tags

Sightings

Nomenclature