Vulnerability ID 4398

Microsoft Internet Explorer 9.x IFRAME Rendering privilege escalation

CVSSv2 Temp ScoreCurrent Exploit Price (≈)

A vulnerability was found in Microsoft Internet Explorer 9.x. It has been classified as problematic. Affected is an unknown function of the component IFRAME Rendering. The manipulation with an unknown input leads to a privilege escalation vulnerability. This is going to have an impact on confidentiality, and integrity.

The issue has been introduced in 03/16/2010. The weakness was presented 08/09/2011 by Rosario Valotta (Full-Disclosure). The advisory is shared for download at This vulnerability is traded as CVE-2011-2383 since 06/03/2011. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available.

The vulnerability was handled as a non-public zero-day exploit for at least 444 days. During that time the estimated underground price was around $50k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 802203 (Microsoft Internet Explorer Cookie Hijacking Vulnerability), which helps to determine the existence of the flaw in a target environment. It is assigned to the family General. The commercial vulnerability scanner Qualys is able to test this issue with plugin 100100.

Upgrading eliminates this vulnerability. Applying the patch MS11-057 is able to eliminate this problem. The bugfix is ready for download at The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at SecurityFocus (BID 47989), X-Force (68823) and Secunia (SA45565). The entries 2069, 4383, 57580 and 58231 are pretty similar.


Base Score: 5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N) [?]
Temp Score: 5.0 (CVSS2#E:ND/RL:OF/RC:ND) [?]




Class: Privilege escalation (CWE-20)
Local: No
Remote: Yes

Availability: No

Current Price Estimation: $50k-$100k (0-day) / $10k-$25k (Today)


Nessus ID: 802203
Nessus Name: Microsoft Internet Explorer Cookie Hijacking Vulnerability
Nessus File: smb_nt_ms11-057.nasl
Nessus Risk: Medium
Nessus Family: General
OpenVAS ID: 802203
OpenVAS Name: Microsoft Internet Explorer Cookie Hijacking Vulnerability
OpenVAS File: gb_ms_ie9_cookie_hijacking_vuln.nasl
OpenVAS Family: General
Qualys ID: 100100


Recommended: Upgrade
Status: Official fix
0-Day Time: 444 days since found

Patch: MS11-057


03/16/2010Vulnerability introduced
06/03/2011CVE assigned
06/03/2011NVD disclosed
06/03/2011VulnerabilityCenter entry assigned
06/12/2011VulnerabilityCenter entry created
06/13/2011Nessus plugin released
08/09/2011Advisory disclosed
08/19/2011VulDB entry created
02/15/2015VulnerabilityCenter entry updated
05/02/2016VulDB entry updated


Researcher: Rosario Valotta

CVE: CVE-2011-2383 ( ( (

SecurityFocus: 47989
Secunia: 45565 - Microsoft Internet Explorer Internet Explorer Iframe Cookie Disclosure Weakness, Not Critical
X-Force: 68823
Vulnerability Center: 31723 - [MS11-057] Microsoft Internet Explorer 9 and Earlier Cross-Zone Restrictions Bypass Vulnerability, Medium

See also: 2069, 4383, 57580, 58231, 58233 , 58235


Created: 08/19/2011
Updated: 05/02/2016
Entry: 92.4% complete