MS11-081 MS11-081 - Critical : Cumulative Security Update for Internet Explorer (2586448) - Version: 1.2
Version2011-11-02
Severity Rating: Critical
Revision Note: V1.2 (November 2, 2011): Announced the release of a hotfix to resolve a known issue affecting Internet Explorer 7 customers after the KB2586448 security update is installed. See the Update FAQ for details.
Summary: This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
49.46%
Published
2011-10-12
Updated
2022-02-28
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
54.17%
Published
2011-10-12
Updated
2022-02-28
CVE-2011-1996
Public exploit
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
94.10%
Published
2011-10-12
Updated
2022-02-28
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
54.90%
Published
2011-10-12
Updated
2021-07-23
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
24.96%
Published
2011-10-12
Updated
2022-02-28
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
95.16%
Published
2011-10-12
Updated
2022-02-28
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
87.45%
Published
2011-10-12
Updated
2022-02-28
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
52.79%
Published
2011-10-12
Updated
2022-03-01