CVE-2011-2382

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Ie
Vendor: CVE Published:; 3 June 2011

Summary

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

References

http://www.informationweek.com/news/security/vulnerabilit...

x_refsource_MISC

http://conference.hackinthebox.org/hitbsecconf2011ams/?pa...

x_refsource_MISC

http://news.cnet.com/8301-1009_3-20066419-83.html

x_refsource_MISC

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 3, 2011

Collectors

NVD DatabaseMitre Database