CVE-2011-1345
Published: 2011-03-10
Priority: P272, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 40.88% (98.5th percentile)
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
CVSS provenance
nvd·v2.0·9.3·CRITICAL·AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck·9.3·CRITICAL
GHSA
GHSA-mx8g-6g6q-2p9c [HIGH] (CVE-2011-1345)
ghsa_unreviewed·2022-05-13
VulnCheck
Object Management Memory Corruption Vulnerability [CRITICAL] (CVE-2011-1345)
vulncheck·2011·CVSS 9.3
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
No detection rules found.
No public exploits indexed.
Krebs
In a Zero-Day World, It’s Active Attacks that Matter – Krebs on Security
blogs_krebs·2012-10-01
The recent zero-day vulnerability in Internet Explorer caused many (present company included) to urge Internet users to consider surfing the Web with a different browser until Microsoft issued a patch. Microsoft did so last month, but not before experts who ought to have known better began downplaying such advice, pointing out that other browser makers have more vulnerabilities and just as much exposure to zero-day flaws.
This post examines hard data that shows why such reasoning is more emotional than factual. Unlike Google Chrome and Mozilla Firefox users, IE users were exposed to active attacks against unpatched, critical vulnerabilities for months at a time over the past year and a half.
Attackers exploited zero-day holes in Internet Explorer for at least 89 days over the past 19 mon
Zscaler
Zscaler found Multiple Security Vulnerabilities | 04-12-2011 [CRITICAL]
blogs_zscaler·CVSS 9.3
References
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
http://twitter.com/aaronportnoy/statuses/45642180118855680
http://twitter.com/msftsecresponse/statuses/45646985998516224
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
http://www.securityfocus.com/bid/46821
http://www.securitytracker.com/id?1025327
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
https://exchange.xforce.ibmcloud.com/vulnerabilities/66062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228
https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011