Vulnerability Name:

CVE-2011-1346 (CCN-66063)

Assigned:2011-03-09
Published:2011-03-09
Updated:2021-07-23
Summary:Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.5 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-1346

Source: MISC
Type: UNKNOWN
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011

Source: MISC
Type: UNKNOWN
http://twitter.com/aaronportnoy/statuses/45642180118855680

Source: MISC
Type: UNKNOWN
http://twitter.com/msftsecresponse/statuses/45646985998516224

Source: MISC
Type: UNKNOWN
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own

Source: CCN
Type: Microsoft Web site
Internet Explorer

Source: CCN
Type: OSVDB ID: 75250
Microsoft IE Unspecified Remote Code Execution

Source: BID
Type: UNKNOWN
46821

Source: CCN
Type: BID-46821
Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities

Source: CCN
Type: ZDNet Web site
Pwn2Own 2011: IE8 on Windows 7 hijacked with 3 vulnerabilities

Source: MISC
Type: UNKNOWN
http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367

Source: XF
Type: UNKNOWN
ie-unspec-code-exec(66063)

Source: XF
Type: UNKNOWN
ie-unspec-code-exec(66063)

Source: MISC
Type: UNKNOWN
https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011

Source: CCN
Type: ZDI-11-198
(Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:ie:8.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:25633
    V
    		Arbitrary code executing via unknown vectors.
    2015-08-10
    BACK
    microsoft internet explorer 8
    microsoft windows 7 *
    microsoft ie 8.0