CVE-2011-1996

Published: Oct 12, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."

Affected (3)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6

Running on/with	Platform Versions
Microsoft Windows Xp	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7

Configuration C

1 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 8

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

References (4)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081

Source: secure@microsoft.com

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12896

Source: secure@microsoft.com

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12896

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.