Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (2482017) |
Information | |||
---|---|---|---|
Name | MS11-003 | First vendor Publication | 2011-02-08 |
Vendor | Microsoft | Last vendor Modification | 2011-03-08 |
Severity (Vendor) | Critical | Revision | 2.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Revision Note: V2.0 (March 8, 2011): Clarified the Affected Software to include Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. See the entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, that explains this revision. |
Summary: This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user opens a legitimate HTML file that loads a specially crafted library file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS11-003.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
33 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12261 | |||
Oval ID: | oval:org.mitre.oval:def:12261 | ||
Title: | Uninitialized Memory Corruption Vulnerability (CVE-2011-0036) | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0036 | Version: | 13 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Id: oval:org.mitre.oval:def:12270 | |||
Oval ID: | oval:org.mitre.oval:def:12270 | ||
Title: | Internet Explorer Insecure Library Loading Vulnerability | ||
Description: | Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0038 | Version: | 13 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 |
Definition Id: oval:org.mitre.oval:def:12371 | |||
Oval ID: | oval:org.mitre.oval:def:12371 | ||
Title: | Uninitialized Memory Corruption Vulnerability (CVE-2011-0035) | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0035 | Version: | 12 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Id: oval:org.mitre.oval:def:12382 | |||
Oval ID: | oval:org.mitre.oval:def:12382 | ||
Title: | CSS Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3971 | Version: | 12 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution | More info here |
ExploitDB Exploits
Date | Description |
---|---|
2011-02-08 | Internet Explorer CSS Recursive Import Use After Free |
OpenVAS Exploits
Date | Description |
---|---|
2011-02-09 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2482017) File : nvt/secpod_ms11-003.nasl |
2010-12-31 | Name : Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability File : nvt/secpod_ms_ie_use_after_free_dos_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70833 | Microsoft IE Insecure Library Loading Remote Code Execution Microsoft Internet Explorer contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the program does not properly handle the loading of .dll files, allowing a context-dependent attacker to gain privileges equal to that of the logged-on user through use of a legitimate HTML file and crafted .dll file. |
70832 | Microsoft IE mshtml.dll Dangling Pointer Memory Corruption Remote Code Execution A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to sanitize user-supplied input when accessing uninitialized or deleted objects, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code. |
70831 | Microsoft IE Uninitialized Memory Corruption Remote Code Execution (2011-0035) A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to sanitize user-supplied input when accessing uninitialized or deleted objects, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code. |
69796 | Microsoft IE CSS Parser mshtml.dll CSharedStyleSheet::Notify Function Use-aft... Microsoft IE contains a use-after-free error within the 'mshtml.dll' library when processing a web page referencing a CSS file that includes various '@import' rules. This may allow a context-dependent attacker to use a maliciously crafted web page to execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt RuleID : 19172 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt RuleID : 19171 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer document.insertBefore memory corruption attempt RuleID : 18404 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Data Source Object memory corruption attempt RuleID : 18403 - Revision : 17 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CSS importer use-after-free attempt RuleID : 18240 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CSS importer use-after-free attempt RuleID : 18196 - Revision : 18 - Type : BROWSER-IE |
Metasploit Database
Date | Description |
---|---|
2010-11-29 | MS11-003 Microsoft Internet Explorer CSS Recursive Import Use After Free |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-02-08 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms11-003.nasl - Type : ACT_GATHER_INFO |
2011-01-20 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_kb2488013.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:17:13 | |
2014-02-17 11:46:50 | |
2014-01-19 21:30:35 | |