CVE-2011-4695

Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Published: Dec 7, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-4695
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_7	--sp1	--sp1.x

http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov
https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html

Vulnerability Database

289,599

CVE-2011-4695