CVE-2011-0347 - Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI displa

CVE-2011-0347

Summary

Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 23-07-2021 - 15:12)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2013-04-15T04:00:08.375-04:00

class

vulnerability

contributors

name SecPod Team
organization SecPod Technologies
name Josh Turpin
organization Symantec Corporation
name Josh Turpin
organization Symantec Corporation
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment Microsoft Windows XP is installed
oval oval:org.mitre.oval:def:105
comment Microsoft Internet Explorer 6 is installed
oval oval:org.mitre.oval:def:563
comment Microsoft Internet Explorer 7 is installed
oval oval:org.mitre.oval:def:627
comment Microsoft Internet Explorer 8 is installed
oval oval:org.mitre.oval:def:6210
comment Microsoft Internet Explorer 9 is installed
oval oval:org.mitre.oval:def:11985

description

family

windows

oval:org.mitre.oval:def:12514

status

accepted

submitted

2011-03-18T13:10:08

title

Vulnerability in Microsoft Internet Explorer Could Allow GUI Corruption

version

refmap via4

bugtraq	20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more
fulldisc	20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more
misc	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt http://lcamtuf.coredump.cx/cross_fuzz/msie_display.jpg http://www.microsoft.com/technet/security/advisory/2490606.mspx
xf	ms-ie-gui-weak-security(64571)

Last major update

23-07-2021 - 15:12

Published

07-01-2011 - 23:00

Last modified

23-07-2021 - 15:12