CVE-2011-1258

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."

Microsoft Internet Explorer 6 hasta la 8, no restringe correctamente el script web, permitiendo a atacantes remotos asistidos por el usuario obtener información confidencial de otro (1) dominio o (2) zona a través de vectores que implican una operación de "arrastrar y soltar", también conocido como "Vulnerabilidad de revelación de información de arrastrar y soltar"

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-03-04 CVE Reserved
2011-06-16 CVE Published
2023-10-23 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-668: Exposure of Resource to Wrong Sphere

CAPEC

References (3)

URL	Tag	Source
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12495	Signature

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050	2022-02-28

URL	Date	SRC
http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx	2022-02-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	-	sp2	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, x64	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp3	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	-	sp2	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	-	-	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	-	sp2	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	sp1	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	sp2	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, professional, x64	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp3	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	-	-	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	-	sp2	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	-	-	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	-	sp2	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"	-	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	sp1	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	sp2	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, professional, x64	Safe
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp3	Safe