CVE-2021-27085: Internet Explorer Remote Code Execution Vulnerability
Overview
- Severity
- High (CVSS 8.8)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
- Category
- Remote Code Execution
- Exploit Status
- Actively Exploited
- Exploitation Likelihood
- Detected
- Patch Tuesday
- 2021-Mar
- Released
- 2021-03-09
- Last Updated
- 2021-03-12
- EPSS Score
- 1.62% (percentile: 81.8%)
- CISA KEV
- Listed — due 2021-11-17
Affected Products (16)
Browser
- Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems
- Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems
- Internet Explorer 11 on Windows Server 2019
- Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems
- Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems
- Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems
Security Updates (4)
Acknowledgments
Chi-Yu You and Dhanesh Kizhakkinan of FireEye Inc.
Revision History
- 2021-03-09: Information published.
- 2021-03-12: Added an acknowledgement and changed the Exploited flag to Yes. This is an informational update only.