Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability

Added: 09/05/2013
CVE: CVE-2013-3184
BID: 61668
OSVDB: 96182

Background

Internet Explorer is a web browser that ships by default with Microsoft operating systems.

Problem

A use-after-free vulnerability in the handling of the InsertImage command identifier of CFlatMarkupPointer objects in a web page allows arbitrary command execution.

Resolution

Apply the update referenced in Microsoft Security Bulletin 13-059.

References

http://www.zerodayinitiative.com/advisories/ZDI-13-195/

Limitations

This exploit was tested against Microsoft Internet Explorer 9 on Windows 7 SP1 (DEP OptIn).

JRE 6 must be installed on Windows 7.

The user must open the exploit file in Microsoft Internet Explorer 9.

Platforms

Windows
