CVE-2011-1997

Published: Oct 12, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability."

Affected (1)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6

Running on/with	Platform Versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13204

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13204

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.