Internet Explorer CGenericElement Object Use-after-free Vulnerability
Added: 05/08/2013
CVE: CVE-2013-1347
BID: 59641
OSVDB: 92993
Background
Internet Explorer is an HTML web browser that ships by default with Microsoft operating systems.
Problem
When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This use-after-free vulnerability is triggered when handling CGenericElement objects.
Resolution
Apply the patch referenced in Microsoft Security Bulletin 13-028.
References
http://technet.microsoft.com/en-us/security/advisory/2847140
https://technet.microsoft.com/en-us/security/bulletin/ms13-028
Limitations
This exploit was tested against Microsoft Internet Explorer 8 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn). Successful exploit on Windows 7 requires that JRE 6 be installed.
Platforms
Windows