CVE-2011-2019

Опубликовано: 14 дек. 2011

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."

Комментарий

Per: http://technet.microsoft.com/en-us/security/bulletin/ms11-099

'FAQ for Internet Explorer Insecure Library Loading Vulnerability - CVE-2011-2019

What is the scope of the vulnerability? This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.'

Ссылки

http://www.us-cert.gov/cas/techalerts/TA11-347A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-099
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13884
Tool Signature
http://www.us-cert.gov/cas/techalerts/TA11-347A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-099
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13884
Tool Signature

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:-:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.26606

Средний

9.3 Critical

CVSS2

Дефекты

CWE-426

Связанные уязвимости

GHSA-qqfg-frwj-847v

github

больше 3 лет назад