Vulnerability ID 4398

Microsoft Internet Explorer 9.x IFRAME Rendering privilege escalation

Microsoft
CVSSv2 Temp Score: 5.0
Current Exploit Price (≈): $10k-$25k

A vulnerability was found in Microsoft Internet Explorer 9.x. It has been classified as problematic. Affected is an unknown function of the component IFRAME Rendering. The manipulation with an unknown input leads to a privilege escalation vulnerability. This is going to have an impact on confidentiality and integrity.

The issue was introduced on 03/16/2010. The weakness was presented on 08/09/2011 by Rosario Valotta (Full-Disclosure). The advisory is shared for download at archives.neohapsis.com. This vulnerability has been tracked as CVE-2011-2383 since 06/03/2011. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available.

The vulnerability was handled as a non-public zero-day exploit for at least 444 days. During that time the estimated underground price was around $50k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 802203 (Microsoft Internet Explorer Cookie Hijacking Vulnerability), which helps to determine the existence of the flaw in a target environment. It is assigned to the family General. The commercial vulnerability scanner Qualys is able to test this issue with plugin 100100.

Upgrading eliminates this vulnerability. Applying the patch MS11-057 eliminates this problem. The bugfix is ready for download at microsoft.com. The best possible mitigation is upgrading to the latest version.

The vulnerability is also documented in the databases at SecurityFocus (BID 47989), X-Force (68823) and Secunia (SA45565). The entries 2069, 4383, 57580 and 58231 are pretty similar.

CVSS

Base Score: 5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Temp Score: 5.0 (CVSS2#E:ND/RL:OF/RC:ND)

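Vector (AV): Local (L), Adjacent (A), Network (N)
Complexity (AC): High (H), Medium (M), Low (L)
Authentication (Au): Multiple (M), Single (S), None (N)
Confidentiality (C): None (N), Partial (P), Complete (C)
Integrity (I): None (N), Partial (P), Complete (C)
Availability (A): None (N), Partial (P), Complete (C)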

CPE

Exploiting

Class: Privilege escalation (CWE-20)
Local: No
Remote: Yes

Availability: No

Current Price Estimation: $50k-$100k (0-day) / $10k-$25k (Today)


Nessus ID: 802203
Nessus Name: Microsoft Internet Explorer Cookie Hijacking Vulnerability
Nessus File: smb_nt_ms11-057.nasl
Nessus Risk: Medium
Nessus Family: General
OpenVAS ID: 802203
OpenVAS Name: Microsoft Internet Explorer Cookie Hijacking Vulnerability
OpenVAS File: gb_ms_ie9_cookie_hijacking_vuln.nasl
OpenVAS Family: General
Qualys ID: 100100

Countermeasures

Recommended: Upgrade
Status: Official fix
0-Day Time: 444 days since found

Patch: MS11-057

Timeline

03/16/2010 Vulnerability introduced
06/03/2011 CVE assigned
06/03/2011 NVD disclosed
06/03/2011 VulnerabilityCenter entry assigned
06/12/2011 VulnerabilityCenter entry created
06/13/2011 Nessus plugin released
08/09/2011 Advisory disclosed
08/19/2011 VulDB entry created
02/15/2015 VulnerabilityCenter entry updated
05/02/2016 VulDB entry updated

Sources

Advisory: archives.neohapsis.com
Researcher: Rosario Valotta

CVE: CVE-2011-2383 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityFocus: 47989
Secunia: 45565 - Microsoft Internet Explorer Internet Explorer Iframe Cookie Disclosure Weakness, Not Critical
X-Force: 68823
Vulnerability Center: 31723 - [MS11-057] Microsoft Internet Explorer 9 and Earlier Cross-Zone Restrictions Bypass Vulnerability, Medium

See also: 2069, 4383, 57580, 58231, 58233, 58235

Entry

Created: 08/19/2011
Updated: 05/02/2016
Entry: 92.4% complete