Vulnerability Name:
CVE-2011-0347 (CCN-64571)
Assigned:
2011-01-01
Published:
2011-01-01
Updated:
2021-07-23
Summary:
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
9.3 High
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
)
7.5 High
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
)
4.0 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Other
References:
Source: FULLDISC
Type: UNKNOWN
20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more
Source: MISC
Type: UNKNOWN
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
Source: MITRE
Type: CNA
CVE-2011-0347
Source: CCN
Type: lcamtuf's blog, January 01, 2011
Announcing cross_fuzz, a potential 0-day in circulation, and more
Source: MISC
Type: UNKNOWN
http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html
Source: MISC
Type: UNKNOWN
http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt
Source: MISC
Type: UNKNOWN
http://lcamtuf.coredump.cx/cross_fuzz/msie_display.jpg
Source: MISC
Type: Vendor Advisory
http://www.microsoft.com/technet/security/advisory/2490606.mspx
Source: CCN
Type: Microsoft Web site
Internet Explorer
Source: CCN
Type: OSVDB ID: 70392
Microsoft IE DOM Implementation cross_fuzz GUI Display Weakness
Source: BUGTRAQ
Type: UNKNOWN
20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more
Source: XF
Type: UNKNOWN
ms-ie-gui-weak-security(64571)
Source: XF
Type: UNKNOWN
ms-ie-gui-weak-security(64571)
Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12514
Vulnerable Configuration:
Configuration 1
:
cpe:/a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
AND
cpe:/o:microsoft:windows_xp:*:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
OR
cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
OR
cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
OR
cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
OR
cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:-:sp2:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*
OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*
OR
cpe:/o:microsoft:windows:xp:sp2:x64:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.mitre.oval:def:12514
V
Vulnerability in Microsoft Internet Explorer Could Allow GUI Corruption
2013-04-15
BACK
microsoft
internet explorer *
microsoft
windows xp *
microsoft
ie *
microsoft
windows server_2003 sp2
microsoft
windows server_2003 sp2
microsoft
windows server_2003 sp2
microsoft
windows vista - sp1
microsoft
windows vista - sp1
microsoft
windows server 2008 -
microsoft
windows server 2008 -
microsoft
windows server 2008 -
microsoft
windows xp sp3
microsoft
windows vista - sp2
microsoft
windows vista - sp2
microsoft
windows server 2008 sp2
microsoft
windows server 2008 sp2
microsoft
windows server 2008
microsoft
windows xp sp2