Internet Explorer DOM modification memory corruption

Added: 06/28/2011
CVE: CVE-2011-1256
BID: 48207
OSVDB: 72948

Background

The Document Object Model (DOM) is a convention for interacting with objects in HTML pages.

Problem

A memory corruption vulnerability in Internet Explorer allows command execution when a user loads a specially crafted web page containing multiple javascript modifications. The vulnerability is triggered when Internet Explorer frees an object due to modification, and then attempts to access it later.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 11-050.

References

http://www.zerodayinitiative.com/advisories/ZDI-11-193/

Limitations

Exploit works on Windows XP SP3 English (DEP OptIn) with KB2393802 and KB959426, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows XP

Back to exploit index