Internet Explorer CDisplayPointer Object onpropertychange Use-After-Free

Added: 10/10/2013
CVE: CVE-2013-3897
BID: 62811
OSVDB: 98207


Internet Explorer is an HTML web browser that ships by default with Microsoft operating systems.


Microsoft Internet Explorer contains a use-after-free error when processing CDisplayPointer objects contained in mshtml.dll. The use-after-free memory corruption can be triggered by the onpropertychange event. A remote attacker who persuades a user to open a specially crafted web page in a vulnerable version of Internet Explorer could execute arbitrary code in the context of the current user.


Apply the KB2879017 update for Internet Explorer.



The exploit works on Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

JRE 6 must be installed on Windows 7.

The user must open the exploit in Internet Explorer 8.


