CVE-2021-26411

Internet Explorer Memory Corruption Vulnerability

CVSS 8.8 HIGHEPSS 81.1%● KEVCWE-416

In short

Internet Explorer has a memory corruption flaw that allows attackers to crash the browser or potentially execute malicious code when visiting specially crafted websites. This is dangerous because it affects millions of Windows users who still rely on Internet Explorer.

Technical detail

A use-after-free vulnerability (CWE-416) in Internet Explorer allows remote code execution through malicious web content. The attack requires user interaction (visiting a crafted webpage), and successful exploitation can lead to arbitrary code execution with the privileges of the affected user.

Summary generated and translated by AI from the official description.

Internet Explorer Memory Corruption Vulnerability

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

Affected products

Microsoft · Internet Explorer 11 Microsoft · Internet Explorer 9 Microsoft · Microsoft Edge (EdgeHTML-based)

public PoCs found — 1

githubgithub.com/CrackerCat/CVE-2021-26411★ 2

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26411