Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Published: 2011-08-10
Updated: 2022-02-28
Summary
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Msbulletin
| bulletin_id | MS11-057 |
| bulletin_url | |
| date | 2011-08-09T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 2559049 |
| knowledgebase_url | |
| severity | Critical |
| title | Cumulative Security Update for Internet Explorer |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS11-057.NASL |
| description | The remote host is missing Internet Explorer (IE) Security Update 2559049. The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 55787 |
| published | 2011-08-09 |
| reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/55787 |
| title | MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049) |
Oval
| accepted | 2014-08-18T04:00:29.041-04:00 |
| class | vulnerability |
| contributors | | name | Dragos Prisaca | | organization | Symantec Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
|
| definition_extensions | | comment | Microsoft Windows XP (32-bit) is installed | | oval | oval:org.mitre.oval:def:1353 |
| comment | Microsoft Internet Explorer 6 is installed | | oval | oval:org.mitre.oval:def:563 |
| comment | Microsoft Windows XP x64 is installed | | oval | oval:org.mitre.oval:def:15247 |
| comment | Microsoft Windows Server 2003 (32-bit) is installed | | oval | oval:org.mitre.oval:def:1870 |
| comment | Microsoft Windows Server 2003 (x64) is installed | | oval | oval:org.mitre.oval:def:730 |
| comment | Microsoft Windows Server 2003 (ia64) Gold is installed | | oval | oval:org.mitre.oval:def:396 |
| comment | Microsoft Internet Explorer 6 is installed | | oval | oval:org.mitre.oval:def:563 |
| comment | Microsoft Windows XP (32-bit) is installed | | oval | oval:org.mitre.oval:def:1353 |
| comment | Microsoft Windows XP x64 is installed | | oval | oval:org.mitre.oval:def:15247 |
| comment | Microsoft Windows Server 2003 (32-bit) is installed | | oval | oval:org.mitre.oval:def:1870 |
| comment | Microsoft Windows Server 2003 (x64) is installed | | oval | oval:org.mitre.oval:def:730 |
| comment | Microsoft Windows Server 2003 (ia64) Gold is installed | | oval | oval:org.mitre.oval:def:396 |
| comment | Microsoft Internet Explorer 7 is installed | | oval | oval:org.mitre.oval:def:627 |
| comment | Microsoft Windows Vista (32-bit) is installed | | oval | oval:org.mitre.oval:def:1282 |
| comment | Microsoft Windows Vista x64 Edition is installed | | oval | oval:org.mitre.oval:def:2041 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| comment | Microsoft Windows Server 2008 (ia-64) is installed | | oval | oval:org.mitre.oval:def:5667 |
| comment | Microsoft Internet Explorer 7 is installed | | oval | oval:org.mitre.oval:def:627 |
| comment | Microsoft Windows XP (32-bit) is installed | | oval | oval:org.mitre.oval:def:1353 |
| comment | Microsoft Windows XP x64 is installed | | oval | oval:org.mitre.oval:def:15247 |
| comment | Microsoft Windows Server 2003 (32-bit) is installed | | oval | oval:org.mitre.oval:def:1870 |
| comment | Microsoft Windows Server 2003 (x64) is installed | | oval | oval:org.mitre.oval:def:730 |
| comment | Microsoft Windows Vista (32-bit) is installed | | oval | oval:org.mitre.oval:def:1282 |
| comment | Microsoft Windows Vista x64 Edition is installed | | oval | oval:org.mitre.oval:def:2041 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| comment | Microsoft Internet Explorer 8 is installed | | oval | oval:org.mitre.oval:def:6210 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Internet Explorer 8 is installed | | oval | oval:org.mitre.oval:def:6210 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Internet Explorer 8 is installed | | oval | oval:org.mitre.oval:def:6210 |
| comment | Microsoft Windows Vista (32-bit) is installed | | oval | oval:org.mitre.oval:def:1282 |
| comment | Microsoft Windows Vista x64 Edition is installed | | oval | oval:org.mitre.oval:def:2041 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Internet Explorer 9 is installed | | oval | oval:org.mitre.oval:def:11985 |
|
| description | Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." |
| family | windows |
| id | oval:org.mitre.oval:def:12383 |
| status | accepted |
| submitted | 2011-08-09T13:00:00 |
| title | Event Handlers Information Disclosure Vulnerability |
| version | 77 |
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID: 49023 CVE ID:CVE-2011-1960 Microsoft Internet Explorer是一款流行的WEB浏览器。 应用程序的事件处理器存在安全漏洞,允许攻击者构建恶意WEB页,诱使用户解析,可查看其他域或Internet Explorer域中的敏感内容 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.microsoft.com/technet/security/Bulletin/MS11-057.mspx |
| id | SSV:20838 |
| last seen | 2017-11-19 |
| modified | 2011-08-10 |
| published | 2011-08-10 |
| reporter | Root |
| title | Microsoft Internet Explorer事件处理器跨域信息泄露漏洞 |