Home

CVE-2011-1345

Description

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka Object Management Memory Corruption Vulnerability.

Risk Information

Base Score
9.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
EPSS Score
Exploitation Probability
51.4

Associated Vulnerability

VulnerabilityOS Platform
Cumulative Security Update for Internet Explorer for Windows XP (KB2497640)Windows
Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2497640)Windows
Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2497640) x86 based systemsWindows
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2497640) x86 based systems for SP2Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2497640) x86 based systemsWindows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2497640) x86 based systems for SP2Windows
Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2497640) for SP2Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2497640) for SP2Windows
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2497640) x86 based systemsWindows
Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2497640) x86 based systems for SP1Windows
Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2497640) for SP1Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2497640) for SP1Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-9911Cumulative Security Update for Internet Explorer for Windows XP (KB2497640)
PATCH-9912Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2497640)
PATCH-9914Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2497640)
PATCH-9918Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2497640)
PATCH-9920Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2497640)
PATCH-9921Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2497640)
PATCH-9922Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2497640)
PATCH-9924Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2497640)
PATCH-9926Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2497640)
PATCH-9927Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)
PATCH-9928Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2497640)
PATCH-9929Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2497640)
PATCH-9930Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2497640)
PATCH-9931Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2497640)
PATCH-9932Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2497640)
PATCH-9933Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2497640)
PATCH-9934Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2497640)
PATCH-9935Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2497640)
PATCH-9936Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2497640)
PATCH-9937Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2497640)
PATCH-9938Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2497640)
PATCH-9939Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2497640)
PATCH-9940Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2497640)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234