| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Microsoft Internet Explorer. This vulnerability affects unknown code of the component Security Zone Setting. The manipulation leads to missing encryption. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.
Details
A vulnerability was found in Microsoft Internet Explorer (Web Browser) (affected version not known) and classified as critical. This issue affects some unknown functionality of the component Security Zone Setting. The manipulation with an unknown input leads to a missing encryption vulnerability. Using CWE to declare the problem leads to CWE-311. The product does not encrypt sensitive or critical information before storage or transmission. Impacted is confidentiality, integrity, and availability.
The weakness was presented 01/01/1999. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1600 according to MITRE ATT&CK.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (377) and Vulnerability Center (SBV-1085†). See VDB-88227, VDB-88226, VDB-88225 and VDB-88224 for similar entries. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
License
Support
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Missing encryptionCWE: CWE-311 / CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
01/01/1999 🔍01/01/1999 🔍
02/25/2003 🔍
06/28/2016 🔍
04/07/2017 🔍
Sources
Vendor: microsoft.comStatus: Not defined
GCVE (VulDB): GCVE-100-88223
X-Force: 377
Vulnerability Center: 1085 - Microsoft Internet Explorer Security Zone Settings Allow Insecure Form Submission, Low
See also: 🔍
Entry
Created: 06/28/2016 14:41Updated: 04/07/2017 12:15
Changes: 06/28/2016 14:41 (37), 04/07/2017 12:15 (8)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.