CVE-2011-4689

Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

Published: Dec 7, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-4689
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	8	8.x
microsoft / internet_explorer	7	7.x
microsoft / internet_explorer	6	6.x
microsoft / internet_explorer	9	9.x

http://lcamtuf.coredump.cx/cachetime/
http://secunia.com/advisories/47129

Vulnerability Database

289,599

CVE-2011-4689