CVE-2021-26411
HIGH
2021-03-11
[email protected]
8.8
CVSS 3.1
Share
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
Low
Lifecycle Timeline
4
Analysis Generated
Mar 26, 2026 - 11:19 vuln.today
Added to CISA KEV
Oct 30, 2025 - 19:56 cisa
CISA KEV
Patch Released
Oct 30, 2025 - 19:56 nvd
Patch available
CVE Published
Mar 11, 2021 - 16:15 nvd
HIGH 8.8
Description
Internet Explorer Memory Corruption Vulnerability
Analysis
Internet Explorer contains a memory corruption vulnerability exploited by the Lazarus Group (North Korea) in campaigns targeting security researchers via social engineering and malicious websites in early 2021.
Technical Context
The CWE-416 use-after-free in IE's rendering engine enables code execution when processing specially crafted HTML/JavaScript content. The exploit achieved reliable execution through heap manipulation techniques.
Affected Products
['Microsoft Internet Explorer', 'Affected Windows versions']
Remediation
Use modern browsers exclusively. Apply Microsoft security update. Security researchers should use isolated VMs for browsing untrusted content.
Priority Score
54
Low
Medium
High
Critical
KEV: +50
EPSS: +92.5
CVSS: +44
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).