Follow:

Exploit:Win/IE.MSHTML.RCE!CVE-2011-0094

Severity rating
Critical

Class/Type
Exploit

Discovered date
2011-01-12T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

This remote code execution vulnerability in Internet Explorer 6 and Internet Explorer 7.



Impact

Remote Code Execution



Technical details (analysis)

This remote code execution vulnerability in Internet Explorer 6 and Internet Explorer 7. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.



Affected software

Internet Explorer 6
Internet Explorer 7



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Exploit:Win/IE.MSHTML.RCE!CVE-2011-0094
Release Date: 2011-01-12T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

No known work-arrounds at this time.