Internet Explorer textNode Style Computation Use After Free Vulnerability

Added: 06/17/2013
CVE: CVE-2013-1311
BID: 59752
OSVDB: 93296

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Internet Explorer 8 is vulnerable to remote code execution as a result of memory corruption when computations on the Document Object Model (DOM) during the application of a style sheet results in corruption of a DOM textNode pointer. A remote attacker who persuades a user to visit a malicious web page that contains specially crafted JavaScript could execute arbitrary code in the context of the vulnerable user.

Resolution

Apply the patch detailed in Microsoft Security Bulletin MS13-037.

References

http://technet.microsoft.com/en-us/security/bulletin/MS13-037
http://secunia.com/advisories/53327/

Limitations

This exploit was tested against Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in Internet Explorer 8 on the target Windows XP machine.

Platforms

Windows XP

Back to exploit index