Vulnerability Details : CVE-2011-1346
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2011-1346
Probability of exploitation activity in the next 30 days: 17.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1346
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2011-1346
-
http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
Pwn2Own 2011: IE8 on Windows 7 hijacked with 3 vulnerabilities | ZDNet
-
http://twitter.com/msftsecresponse/statuses/45646985998516224
Security Response on Twitter: "We are on the ground at CanSecWest and our top security researchers are already investigating the IE exploit used in the pwn2own contest."
-
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
Safari, IE hacked first at Pwn2Own | Computerworld
-
http://twitter.com/aaronportnoy/statuses/45642180118855680
Twitter / ?
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66063
Microsoft Internet Explorer unspecified code execution CVE-2011-1346 Vulnerability Report
-
https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011
Threatpost | The first stop for security news
-
http://www.securityfocus.com/bid/46821
Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities
-
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
Threat Intelligence | Digital Vaccine® | ThreatLinQ | Trend Micro
Products affected by CVE-2011-1346
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*