CVE-2011-1257 — Race Condition in Microsoft Internet Explorer

CWE-362 — Race Condition3 documents3 sources

Severity

7.6HIGHNVD

EPSS

5.5%

top 9.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedAug 10

Latest updateMay 13

Description

Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6, 7, 8+2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-xwvm-474m-8395: Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corru↗2022-05-13

▶

🕵️Threat Intelligence

Zscaler

Zscaler detects IE Vulnerabilities | 08-09-2011↗

▶