Vulnerabilities > CVE-2011-1347 - Unspecified vulnerability in Microsoft Internet Explorer 8
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS11-057.NASL |
| description | The remote host is missing Internet Explorer (IE) Security Update 2559049. The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 55787 |
| published | 2011-08-09 |
| reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/55787 |
| title | MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049) |
Seebug
bulletinFamily exploit description BUGTRAQ ID: 46821 CVE ID: CVE-2011-1345,CVE-2011-1346,CVE-2011-1347 Internet Explorer,简称IE,是微软公司推出的一款网页浏览器。Internet Explorer,简称IE或MSIE,是微软公司推出的一款网页浏览器。 IE在实现上存在多个远程代码执行漏洞,远程攻击者可利用此漏洞在应用程序中执行任意代码,造成拒绝服务。 在Pwn2Own 2011竞赛中,Metasploit开发者Fewer用两个IE中的零日bug执行了代码,然后链接到第三个漏洞跳出了IE保护模式沙盒。DEP(数据执行保护)和ASLR(地址空间布局随机化)两个保护机制。 Microsoft Internet Explorer 8.x 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/windows/ie/default.asp id SSV:20373 last seen 2017-11-19 modified 2011-03-18 published 2011-03-18 reporter Root title Microsoft IE多个远程代码执行漏洞 bulletinFamily exploit description CVE ID:CVE-2011-1347 Microsoft Internet Explorer是一款流行的WEB浏览器。 Internet Explorer保护模式由中等完整性级别和低完整性级别的进程组成。低完整性进程只允许向特定低完整性位置写文件,写入的文件会被标记为低完整性文件。当启动一个新的Internet Explorer进程时会对启动的文件进行完整性级别检查,如果文件属于低完整性级别文件,那么会运行在低完整性模式下。但是如果给定某个文件更低的权限,应用程序在检查过程中由于不匹配'Low Integrity',导致会以中级完整性级别运行之。攻击者可以利用此漏洞绕过保护模式提升特权 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.microsoft.com/technet/security/Bulletin/MS11-057.mspx id SSV:20837 last seen 2017-11-19 modified 2011-08-10 published 2011-08-10 reporter Root title Microsoft Internet Explorer 保护模式绕过漏洞(Pwn2Own)
References
- http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
- http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
- http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
- http://twitter.com/aaronportnoy/statuses/45642180118855680
- http://twitter.com/msftsecresponse/statuses/45646985998516224
- http://www.securityfocus.com/bid/46821
- https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66064
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057