9.3 - MS11-050

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Cumulative Security Update for Internet Explorer (2530548)

Informations
Name	MS11-050	First vendor Publication	2011-06-14
Vendor	Microsoft	Last vendor Modification	2011-08-09
Severity (Vendor)	Critical	Revision	1.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical

Revision Note: V1.1 (August 9, 2011): Clarified that one of the defense-in-depth changes included in this security update addresses a memory address leak issue, publicly referenced as CVE-2011-1346. This is an informational change only.

Summary: This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-050

CWE : Common Weakness Enumeration

%	Id	Name
25 %	CWE-668	Exposure of Resource to Wrong Sphere
25 %	CWE-200	Information Exposure
25 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
25 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12227

Oval ID:	oval:org.mitre.oval:def:12227
Title:	Time Element Memory Corruption Vulnerability
Description:	The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1255	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8
Definition Synopsis:
Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.6104 OR Internet Explorer 6 on XP x64, Server 2003 x86/x64/ia64 XP x64, Server 2003 x86/x64/ia64 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4857 OR Internet Explorer 7 on XP x86/x64, Server 2003 x86/x64/ia64 XP x86/x64, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 7.0.6000.17098 OR QFE Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21300 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6001.18639 OR LDR Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22905 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6002.18457 OR LDR Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22629 OR Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735

Definition Id: oval:org.mitre.oval:def:12308

Oval ID:	oval:org.mitre.oval:def:12308
Title:	Layout Memory Corruption Vulnerability
Description:	Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1260	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 8 Microsoft Internet Explorer 9
Definition Synopsis:
Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735 OR Internet Explorer 9 on Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 R2 x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 9 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 9.0.8112.16430 OR LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Mshtml.dll version is less than 9.0.8112.20530

Definition Id: oval:org.mitre.oval:def:12326

Oval ID:	oval:org.mitre.oval:def:12326
Title:	DOM Manipulation Memory Corruption Vulnerability
Description:	Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1251	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 8
Definition Synopsis:
Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735

Definition Id: oval:org.mitre.oval:def:12368

Oval ID:	oval:org.mitre.oval:def:12368
Title:	Drag and Drop Memory Corruption Vulnerability
Description:	Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1254	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8
Definition Synopsis:
Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.6104 OR Internet Explorer 6 on XP x64, Server 2003 x86/x64/ia64 XP x64, Server 2003 x86/x64/ia64 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4857 OR Internet Explorer 7 on XP x86/x64, Server 2003 x86/x64/ia64 XP x86/x64, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 7.0.6000.17098 OR QFE Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21300 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6001.18639 OR LDR Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22905 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6002.18457 OR LDR Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22629 OR Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735

Definition Id: oval:org.mitre.oval:def:12405

Oval ID:	oval:org.mitre.oval:def:12405
Title:	HTTP Redirect Memory Corruption Vulnerability
Description:	Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1262	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9
Definition Synopsis:
Internet Explorer 7 on XP x86/x64, Server 2003 x86/x64/ia64 XP x86/x64, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 7.0.6000.17098 OR QFE Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21300 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6001.18639 OR LDR Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22905 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6002.18457 OR LDR Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22629 OR Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735 OR Internet Explorer 9 on Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 R2 x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 9 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 9.0.8112.16430 OR LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Mshtml.dll version is less than 9.0.8112.20530

Definition Id: oval:org.mitre.oval:def:12464

Oval ID:	oval:org.mitre.oval:def:12464
Title:	MIME Sniffing Information Disclosure Vulnerability
Description:	Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1246	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 8
Definition Synopsis:
Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735

Definition Id: oval:org.mitre.oval:def:12495

Oval ID:	oval:org.mitre.oval:def:12495
Title:	Drag and Drop Information Disclosure Vulnerability
Description:	Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1258	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8
Definition Synopsis:
Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.6104 OR Internet Explorer 6 on XP x64, Server 2003 x86/x64/ia64 XP x64, Server 2003 x86/x64/ia64 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4857 OR Internet Explorer 7 on XP x86/x64, Server 2003 x86/x64/ia64 XP x86/x64, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 7.0.6000.17098 OR QFE Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21300 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6001.18639 OR LDR Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22905 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6002.18457 OR LDR Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22629 OR Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735

Definition Id: oval:org.mitre.oval:def:12577

Oval ID:	oval:org.mitre.oval:def:12577
Title:	toStaticHTML Information Disclosure Vulnerability
Description:	Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1252	Version:	11
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 7 Microsoft Internet Explorer 8
Definition Synopsis:
Internet Explorer 7 on XP x86/x64, Server 2003 x86/x64/ia64 XP x86/x64, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 7.0.6000.17098 OR QFE Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21300 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6001.18639 OR LDR Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22905 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6002.18457 OR LDR Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22629 OR Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735

Definition Id: oval:org.mitre.oval:def:12708

Oval ID:	oval:org.mitre.oval:def:12708
Title:	Link Properties Handling Memory Corruption Vulnerability
Description:	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1250	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9
Definition Synopsis:
Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.6104 OR Internet Explorer 6 on XP x64, Server 2003 x86/x64/ia64 XP x64, Server 2003 x86/x64/ia64 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4857 OR Internet Explorer 7 on XP x86/x64, Server 2003 x86/x64/ia64 XP x86/x64, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 7.0.6000.17098 OR QFE Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21300 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6001.18639 OR LDR Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22905 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6002.18457 OR LDR Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22629 OR Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735 OR Internet Explorer 9 on Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 R2 x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 9 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 9.0.8112.16430 OR LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Mshtml.dll version is less than 9.0.8112.20530

Definition Id: oval:org.mitre.oval:def:12716

Oval ID:	oval:org.mitre.oval:def:12716
Title:	DOM Modification Memory Corruption Vulnerability
Description:	Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1256	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8
Definition Synopsis:
Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.6104 OR Internet Explorer 6 on XP x64, Server 2003 x86/x64/ia64 XP x64, Server 2003 x86/x64/ia64 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4857 OR Internet Explorer 7 on XP x86/x64, Server 2003 x86/x64/ia64 XP x86/x64, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 7.0.6000.17098 OR QFE Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21300 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6001.18639 OR LDR Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22905 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6002.18457 OR LDR Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22629 OR Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735

Definition Id: oval:org.mitre.oval:def:12755

Oval ID:	oval:org.mitre.oval:def:12755
Title:	Selection Object Memory Corruption Vulnerability
Description:	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1261	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9
Definition Synopsis:
Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.6104 OR Internet Explorer 6 on XP x64, Server 2003 x86/x64/ia64 XP x64, Server 2003 x86/x64/ia64 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4857 OR Internet Explorer 7 on XP x86/x64, Server 2003 x86/x64/ia64 XP x86/x64, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 7.0.6000.17098 OR QFE Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21300 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6001.18639 OR LDR Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22905 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 7.0.6002.18457 OR LDR Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22629 OR Internet Explorer 8 on XP x64/x86, Server 2003 x86/x64/ia64 XP x64,XP x86, Server 2003 x86/x64/ia64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or QFE Service branch Mshtml.dll version is less than 8.0.6001.19088 OR QFE Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.6001.19088 OR LDR Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.23181 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16821 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20975 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 8.0.7601.17622 OR LDR Mshtml.dll version is greater than or equal 8.0.7601.20000 AND Mshtml.dll version is less than 8.0.7601.21735 OR Internet Explorer 9 on Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 R2 x64/ia64 Vista x86/x64, Server 2008 x86/x64/ia64, Windows 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 9 is installed AND GDR or LDR Service branch Mshtml.dll version is less than 9.0.8112.16430 OR LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Mshtml.dll version is less than 9.0.8112.20530

Definition Id: oval:org.mitre.oval:def:12885

Oval ID:	oval:org.mitre.oval:def:12885
Title:	HTML Sanitization Vulnerability
Description:	Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1252	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):	Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft Groove Server 2010 Microsoft Windows SharePoint Services 3.0 Microsoft SharePoint Foundation 2010
Definition Synopsis:
Vulnerable Microsoft Office SharePoint Server 2007 (coreserver) Microsoft Office SharePoint Server 2007 is installed. AND the version of Osafehtm.dll is less than 12.0.6555.5000 AND Vulnerable Microsoft Office SharePoint Server 2007 (oserver/sserverx) Microsoft Office SharePoint Server 2007 is installed. affected file Pidval.exe version is less than 12.0.6562.5000 AND PidValidator.exe version is less than 12.0.6562.5000 AND Vulnerable Microsoft Office SharePoint Server 2007 (dlc) Microsoft Office SharePoint Server 2007 is installed. AND Microsoft.office.policy.dll version is less than 12.0.6562.5000 AND Vulnerable Microsoft Office SharePoint Server 2010 (osrchwfe) Microsoft Office SharePoint Server 2010 is installed. AND Microsoft.SharePoint.Taxonomy.dll version is less than 14.0.6106.5001 AND Vulnerable Microsoft Office SharePoint Server 2010 (osrv/wosrv) Microsoft Office SharePoint Server 2010 is installed. AND Microsoft.office.server.dll version is less than 14.0.6106.5001 AND Vulnerable Microsoft Office SharePoint Server 2010 (ppsmawfe) Microsoft Office SharePoint Server 2010 is installed. AND Eawfap.dll version is less than 14.0.6106.5001 AND Vulnerable Microsoft Office SharePoint Server 2010 (dlc) Microsoft Office SharePoint Server 2010 is installed. AND Microsoft.office.policy.dll version is less than 14.0.6106.5001 AND Vulnerable Microsoft Office SharePoint Server 2010 (ppsmamui) Microsoft Office SharePoint Server 2010 is installed. AND Microsoft.SharePoint.Client.dll version is less than 14.0.6106.5001 OR Microsoft Groove Server 2010 Microsoft Groove Server 2010 is installed AND Groove.management.server.dll version is less than 14.0.6106.5000 AND Vulnerable Microsoft Windows SharePoint Services 3.0 Microsoft Windows SharePoint Services 3.0 are installed AND the version of Onetutil.dll is less than 12.0.6565.5001 AND Vulnerable Microsoft SharePoint Foundation 2010 Microsoft SharePoint Foundation 2010 is installed AND OWSSVR.DLL version is less than 14.0.6106.5008

Definition Id: oval:org.mitre.oval:def:25633

Oval ID:	oval:org.mitre.oval:def:25633
Title:	Arbitrary code executing via unknown vectors.
Description:	Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1346	Version:	5
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Microsoft Internet Explorer 8
Definition Synopsis:
Microsoft Internet Explorer 8 is installed GDR or LDR Service branch Mshtml.dll version is less than 8.0.7600.16722 OR LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20861

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Internet Explorer cpe:2.3:a:microsoft:internet_explorer:9:::::::* cpe:2.3:a:microsoft:internet_explorer:8:::::::* cpe:2.3:a:microsoft:internet_explorer:7:::::::* cpe:2.3:a:microsoft:internet_explorer:6:::::::*	4

SAINT Exploits

Description	Link
Microsoft Internet Explorer Time Element Memory Corruption	More info here
Internet Explorer DOM modification memory corruption	More info here
Microsoft Internet Explorer layout-grid-char Style Property Use-After-Free Memory Corruption	More info here

ExploitDB Exploits

id	Description
2011-06-17	MS11-050 IE mshtml!CObjectElement Use After Free

OpenVAS Exploits

Date	Description
2011-09-14	Name : Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858) File : nvt/secpod_ms11-074.nasl
2011-06-15	Name : Microsoft Internet Explorer Multiple Vulnerabilities (2530548) File : nvt/secpod_ms11-050.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
75250	Microsoft IE Unspecified Remote Code Execution
72953	Microsoft IE MIME Sniffing Information Disclosure
72952	Microsoft IE CDL Protocol 302 HTTP Redirect Memory Corruption
72951	Microsoft IE selection.empty JavaScript Statement onclick Event Memory Corrup...
72950	Microsoft IE layout-grid-char Style Property Handling Memory Corruption
72949	Microsoft IE Drag and Drop Information Disclosure
72948	Microsoft IE Multiple JavaScript Modifications DOM Manipulation Memory Corrup...
72947	Microsoft IE Time Element Memory Corruption
72946	Microsoft IE Drag and Drop Memory Corruption
72944	Microsoft IE SafeHTML Function XSS
72943	Microsoft IE vgx.dll imagedata VML Object DOM Modification Memory Corruption
72942	Microsoft IE Link Properties Handling Memory Corruption

Information Assurance Vulnerability Management (IAVM)

Date	Description
2011-09-15	IAVM : 2011-B-0115 - Multiple Vulnerabilities in Microsoft Office SharePoint Severity : Category II - VMSKEY : V0030239

Snort® IPS/IDS

Date	Description
2019-06-22	Microsoft Internet Explorer redirect to cdl protocol attempt RuleID : 50181 - Revision : 2 - Type : BROWSER-IE
2018-02-22	toStaticHTML CSS import XSS exploit attempt RuleID : 45514 - Revision : 1 - Type : BROWSER-IE
2016-04-05	Microsoft Internet Explorer covered object memory corruption attempt RuleID : 37967 - Revision : 2 - Type : BROWSER-IE
2016-04-05	Microsoft Internet Explorer covered object memory corruption attempt RuleID : 37966 - Revision : 2 - Type : BROWSER-IE
2014-04-03	Hello/LightsOut exploit kit - exploit targeting Java v1.6.32 and older RuleID : 30009 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03	Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 8... RuleID : 30008 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03	Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 7... RuleID : 30007 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03	Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 6... RuleID : 30006 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03	Hello/LightsOut exploit kit - exploit targeting Google Chrome with Java befor... RuleID : 30005 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03	Hello/LightsOut exploit kit - exploit targeting Java before v1.7.17 RuleID : 30004 - Revision : 3 - Type : EXPLOIT-KIT
2018-06-15	Hello/LightsOut exploit kit payload download attempt RuleID : 30003-community - Revision : 6 - Type : EXPLOIT-KIT
2014-04-03	Hello/LightsOut exploit kit payload download attempt RuleID : 30003 - Revision : 6 - Type : EXPLOIT-KIT
2014-04-03	Hello/LightsOut exploit kit Java download attempt RuleID : 30002 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03	Hello/LightsOut exploit kit landing page detected RuleID : 30001 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Microsoft Internet Explorer CSS expression defined to empty selection attempt RuleID : 28306 - Revision : 7 - Type : BROWSER-IE
2014-01-10	KaiXin exploit kit Java Class download RuleID : 24793 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	KaiXin exploit kit attack vector attempt RuleID : 24670 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	KaiXin exploit kit attack vector attempt RuleID : 24669 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	KaiXin exploit kit attack vector attempt RuleID : 24668 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	KaiXin exploit kit attack vector attempt RuleID : 24667 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Microsoft Internet Explorer toStaticHTML XSS attempt RuleID : 21569 - Revision : 6 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt malicious string RuleID : 20822 - Revision : 12 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20811 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20810 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20809 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20808 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20807 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20806 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20805 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20804 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20790 - Revision : 12 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20789 - Revision : 12 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20788 - Revision : 13 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20787 - Revision : 12 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 20786 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 20766 - Revision : 10 - Type : BROWSER-IE
2014-01-10	Microsoft SharePoint XSS RuleID : 20117 - Revision : 8 - Type : SERVER-WEBAPP
2014-01-10	Microsoft Internet Explorer covered object memory corruption attempt RuleID : 19809 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer covered object memory corruption attempt RuleID : 19808 - Revision : 14 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 19266 - Revision : 15 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 19265 - Revision : 16 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer CSS expression defined to empty selection attempt RuleID : 19246 - Revision : 15 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer redirect to cdl protocol attempt RuleID : 19245 - Revision : 10 - Type : BROWSER-IE
2014-01-10	Internet Explorer CSS expression defined to empty slection attempt RuleID : 19244 - Revision : 3 - Type : WEB-CLIENT
2014-01-10	Microsoft Internet Explorer layout-grid-char value exploit attempt RuleID : 19243 - Revision : 16 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer 6/7/8 reload stylesheet attempt RuleID : 19240 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer 8 toStaticHTML XSS attempt RuleID : 19239 - Revision : 7 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer 8 self remove from markup vulnerability RuleID : 19238 - Revision : 9 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer contenteditable corruption attempt RuleID : 19237 - Revision : 14 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer drag event memory corruption attempt RuleID : 19236 - Revision : 12 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer copy/paste memory corruption attempt RuleID : 19235 - Revision : 10 - Type : BROWSER-IE

Metasploit Database

id	Description
2011-06-16	MS11-050 IE mshtml!CObjectElement Use After Free

Nessus® Vulnerability Scanner

Date	Description
2011-09-14	Name : The remote host is affected by multiple privilege escalation and information ... File : smb_nt_ms11-074.nasl - Type : ACT_GATHER_INFO
2011-06-15	Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms11-050.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-05-23 13:17:13	Multiple Updates
2014-02-17 11:47:01	Multiple Updates
2014-01-19 21:30:41	Multiple Updates
2013-05-11 00:49:51	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	4
Oval ID(s)	13
CPE ID(s)	4
Saint Exploit(s)	3
osvdb(s)	12
ExploitDB Exploit(s)	1
Metasploit Exploit(s)	1
Openvas Exploit(s)	2
IAVM(s)	1
Snort® Rule(s)	51
Nessus® Exploit(s)	2

	Related
9.3	MS11-057
9.3	MS11-018
9.3	CVE-2011-1346
9.3	CVE-2011-1262
9.3	CVE-2011-1261
9.3	CVE-2011-1260
9.3	CVE-2011-1256
9.3	CVE-2011-1255
9.3	CVE-2011-1254
9.3	CVE-2011-1251
9.3	CVE-2011-1250
4.3	MS11-074
4.3	CVE-2011-1258
4.3	CVE-2011-1252
4.3	CVE-2011-1246
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 15 more Alert(s)