Internet Explorer COL SPAN Heap Overflow

Added: 08/06/2012
CVE: CVE-2012-1876
BID: 53848
OSVDB: 82866

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Internet Explorer allows websites to utilize Javascript to create dynamic web content. As such, websites can include scripts that modify the website at run-time. The browser needs to manage the modifications of objects that are altered at run-time. Internet Explorer does not properly handle memory allocations when a modification to the SPAN attribute of table COL field is made, where the table table-layout style is set to 'fixed'. This can result in an exploitable heap overflow condition.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 12-037.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-093/
http://www.microsoft.com/technet/security/bulletin/MS12-037.mspx
http://support.microsoft.com/default.aspx?scid=kb;EN-US;2699988

Limitations

This exploit has been tested against Microsoft Internet Explorer 8 with KB2675157 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows

Back to exploit index