CVE-2021-26411
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Lifecycle Timeline
4DescriptionCVE.org
Internet Explorer Memory Corruption Vulnerability
AnalysisAI
Internet Explorer contains a memory corruption vulnerability exploited by the Lazarus Group (North Korea) in campaigns targeting security researchers via social engineering and malicious websites in early 2021.
Technical ContextAI
The CWE-416 use-after-free in IE's rendering engine enables code execution when processing specially crafted HTML/JavaScript content. The exploit achieved reliable execution through heap manipulation techniques.
Affected ProductsAI
Microsoft Internet Explorer Affected Windows versions
RemediationAI
Use modern browsers exclusively. Apply Microsoft security update. Security researchers should use isolated VMs for browsing untrusted content.
Same weakness CWE-416 – Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today