CVE-2011-2383
Last modified
CVE-2011-2383 is a vulnerability of currently unknown severity. Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.. EPSS estimates a 20.85% chance of exploitation in the next 30 days.
Description
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Ie | 9 | Beta |
| Microsoft | Internet Explorer | <= 9 | — |
| Microsoft | Internet Explorer | 3.0 | — |
| Microsoft | Internet Explorer | 4.0 | — |
| Microsoft | Internet Explorer | 5 | — |
| Microsoft | Internet Explorer | 6 | — |
| Microsoft | Internet Explorer | 7 | — |
| Microsoft | Internet Explorer | 8 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-2383?
How severe is CVE-2011-2383?
How do I fix CVE-2011-2383?
Are you affected by CVE-2011-2383?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST