CVE-2011-1245 — Sensitive Information Exposure in Microsoft Internet Explorer

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

21.1%

top 4.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer Msrc Microsoft Edge

Timeline

PublishedApr 13

Latest updateJun 14

Description

Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer6, 7+1

▶msrcmsrc/microsoft_edge

🔴Vulnerability Details

GHSA

GHSA-x8q2-c58h-jr22: Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allow↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2022-2011 Use after free in ANGLE↗2022-06-14

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 04-12-2011↗

▶