Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1996Microsoft Internet Explorer vulnerability

6 documents5 sources
Severity
9.3CRITICALNVD
EPSS
77.3%
top 1.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedOct 12
Latest updateMay 13

Description

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-gwx3-q7h2-fw63: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessi2022-05-13

💥Exploits & PoCs

3
Exploit-DB
Microsoft Internet Explorer - Option Element Use-After-Free (MS11-081) (Metasploit)2013-01-10
Exploit-DB
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow2011-11-02
Metasploit
MS11-081 Microsoft Internet Explorer Option Element Use-After-Free

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-11-2011
CVE-2011-1996 — Microsoft vulnerability | cvebase