Internet Explorer COL SPAN Heap Overflow

Added: 08/06/2012
CVE: CVE-2012-1876
BID: 53848
OSVDB: 82866


Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.


Internet Explorer allows websites to utilize Javascript to create dynamic web content. As such, websites can include scripts that modify the website at run-time. The browser needs to manage the modifications of objects that are altered at run-time. Internet Explorer does not properly handle memory allocations when a modification to the SPAN attribute of table COL field is made, where the table table-layout style is set to 'fixed'. This can result in an exploitable heap overflow condition.


Apply the patch referenced in Microsoft Security Bulletin 12-037.



This exploit has been tested against Microsoft Internet Explorer 8 with KB2675157 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).



Back to exploit index