⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2021-11-17. Required action: Apply updates per vendor instructions..

CVE-2021-27085

6 documents6 sources

Severity

8.8HIGH

EPSS

1.6%

top 18.18%

CISA KEV

KEV

Added 2021-11-03

Due 2021-11-17

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Internet Explorer 11 Microsoft Internet Explorer

Timeline

PublishedMar 11

KEV addedNov 3

KEV dueNov 17

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Internet Explorer Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:LExploitability: 2.8 | Impact: 5.3

Affected Packages2 packages

▶CVEListV5microsoft/internet_explorer_111.0.0 — publication

▶NVDmicrosoft/internet_explorer11

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vm76-5x29-7jx8: Internet Explorer Remote Code Execution Vulnerability↗2022-05-24

▶

CVEList

Internet Explorer Remote Code Execution Vulnerability↗2021-03-11

▶

VulnCheck

Microsoft Internet Explorer Remote Code Execution Vulnerability↗2021

▶

📋Vendor Advisories

CISA

Microsoft Internet Explorer Remote Code Execution Vulnerability↗2021-11-03

▶

Microsoft

Internet Explorer Remote Code Execution Vulnerability↗2021-03-09

▶