CVE-2021-26411

Description from NVD

Internet Explorer Memory Corruption Vulnerability

Information Acquisition Date:2021-04-27T11:09Z
CVSS 2.0: 5.1 MEDIUM CVSS 3.x: 7.5 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:H/Au:N/C:P/I:P/A:P

NVD References

 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411
     source:MISC
     tags:Patch    Vendor Advisory    

This vulnerability may involve a PoC.

Description from Forti

Internet Explorer Memory Corruption Vulnerability

This indicates an attack attempt to exploit a Memory Corruption Vulnerability in Microsoft Internet Explorer.The vulnerability is due to an error when the vulnerable software attempts to handle a maliciously crafted web page. An attacker can exploit this by tricking a user into visiting a malicious webpage and execute arbitrary code within the context of the application.

Information Acquisition Date:2021/03/11

Affected Products

Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems
Internet Explorer 11 on Windows Server, version 1903 (Server Core installation)
Internet Explorer 11 on Windows Server, version 1909 (Server Core installation)
Internet Explorer 11 on Windows Server, version 2004 (Server Core installation)
Internet Explorer 11 on Windows Server, version 20H2 (Server Core Installation)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/2021-26411

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URLNum of Times Referred to
https://lists.astaro.com/ASGV9-IPS-rules.html22
http://feedproxy.google.com/~r/Snort/~3/IPLJe3uibuU/snort-r...5
https://twitter.com/search?src=sprv&q=CVE-2021-264114
https://www.reddit.com/r/netsec/comments/mor7kd/exploiting_...3
https://www.tenable.com/blog/microsoft-s-march-2021-patch-t...3
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2...3
https://iamelli0t.github.io/2021/03/12/CVE-2021-26411.html3
https://threatresearch.ext.hp.com/purple-fox-exploit-kit-no...3
https://googleprojectzero.github.io/0days-in-the-wild/0day-...3

Information from Twitter

User URL Info Source Date
tehtris https://bit.ly/3FVm4az Source tehtris          1590621936207335426 2022/11/10
tehtris https://twitter.com/tehtris/status/1589975730737532928 Source tehtris          1590621936207335426 2022/11/10
tehtris https://twitter.com/tehtris/status/1590621936207335426/photo/1 Source tehtris          1590621936207335426 2022/11/10
attritionorg https://www.hybrid-analysis.com/sample/0661fc4eb09e99ba4d8e... Source attritionorg     1593335972002930688 2022/11/18

List of frequently cited URLs

URLNum of Times Referred to
lists.astaro.com22
feedproxy.google.com5
twitter.com4
www.reddit.com3
www.tenable.com3
msrc.microsoft.com3
iamelli0t.github.io3
threatresearch.ext.hp.com3
googleprojectzero.github.io3

Information from Twitter

User URL Info Source
tehtris bit.ly Show Tweet
tehtris twitter.com Show Tweet
tehtris twitter.com Show Tweet
attritionorg hybrid-analysis.com Show Tweet
GitHub Search Results: Up to 10
NameURL
KAB8345/CVE-2021-26411 https://github.com/KAB8345/CVE-2021-26411
GitHub Search Results: Up to 10
NameURL
KAB8345/CVE-2021-26411 github.com
2022/11/18 Score : 0
Added Har-sia Database : 2021/03/10
Last Modified : 2022/11/18
Highest Scored Date : 2021/03/10
Highest Score : 48