Internet Explorer CCaret UpdateScreenCaret Memory Corruption

Added: 10/03/2013
CVE: CVE-2013-3205
BID: 62208
OSVDB: 97094

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Microsoft Internet Explorer contains a use-after-free error that is triggered when handling a CCaret object. The vulnerability exists in the UpdateScreenCaret() function in mshtml.dll. An attacker who convinces a user to open a specially crafted page in the vulnerable version of Internet Explorer could execute arbitrary code in the context of the user.

Resolution

Apply the KB2870699 update for Internet Explorer.

References

http://www.zerodayinitiative.com/advisories/ZDI-13-217/

Limitations

The user must open the exploit in Internet Explorer 8.

JRE 6 must be installed on Windows 7.

Platforms

Windows

Back to exploit index