Vulnerability Details : CVE-2017-11848
Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability".
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2017-11848
Probability of exploitation activity in the next 30 days: 1.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-11848
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2017-11848
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-11848
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11848
CVE-2017-11848 | Internet Explorer Information Disclosure VulnerabilityPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1039796
Microsoft Internet Explorer Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/101709
Microsoft Internet Explorer CVE-2017-11848 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2017-11848
- cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*When used together with: Microsoft » Windows Server 2012