Improper input validation in Microsoft Ie
CVE-2011-2383
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.208 (97.2th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Ie — versions 9
- Microsoft Internet_explorer — versions 3.0, 4.0, 5
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MS, vendor-advisory)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (signature, x_refsource_OVAL, vdb-entry)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)