Vulnerability Details : CVE-2011-1347
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
Products affected by CVE-2011-1347
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1347
2.86%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1347
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8
|
HIGH | AV:N/AC:M/Au:N/C:N/I:C/A:C |
8.6
|
9.2
|
NIST |
References for CVE-2011-1347
-
http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
Pwn2Own 2011: IE8 on Windows 7 hijacked with 3 vulnerabilities | ZDNet
-
http://twitter.com/msftsecresponse/statuses/45646985998516224
Security Response on Twitter: "We are on the ground at CanSecWest and our top security researchers are already investigating the IE exploit used in the pwn2own contest."
-
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
Safari, IE hacked first at Pwn2Own | Computerworld
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66064
Microsoft Internet Explorer unspecified code execution CVE-2011-1347 Vulnerability Report
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057
Microsoft Security Bulletin MS11-057 - Critical | Microsoft Docs
-
http://twitter.com/aaronportnoy/statuses/45642180118855680
Twitter / ?
-
https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011
Threatpost | The first stop for security news
-
http://www.securityfocus.com/bid/46821
Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities
-
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
Threat Intelligence | Digital Vaccine® | ThreatLinQ | Trend Micro
Jump to