Internet Explorer Eventparam use-after-free vulnerability

Added: 01/20/2010
CVE: CVE-2010-0249
BID: 37815
OSVDB: 61697

Background

Internet Explorer is an HTML web browser that ships by default with Microsoft operating systems.

Problem

A vulnerability in the Eventparam function can cause Internet Explorer's HTML engine to access memory that has already been freed, allowing command execution when a user loads a specially crafted page.

Resolution

See Microsoft Security Advisory 979352 for fix information.

References

http://www.kb.cert.org/vuls/id/492515

Limitations

The exploit works on Windows XP and requires a user to load the exploit page in Internet Explorer 6.

Platforms

Windows XP
