Microsoft Internet Explorer layout-grid-char Style Property Use-After-Free Memory Corruption

Added: 09/19/2011
CVE: CVE-2011-1260
BID: 48208
OSVDB: 72950


Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.


A use-after-free vulnerability exists in Microsoft's Internet Explorer layout engine (in mshtml.dll) when handling extra-large values for the layout-grid-char property. The resultant memory corruption can be exploited by a remote, unauthenticated attacker to execute arbitrary code in the context of the currently logged in user.


Apply a patch as described in Microsoft Security Bulletin MS11-050.



Exploit works on Internet Explorer 8 on Microsoft Windows SP3 English with security update KB959426, and requires a user to open the exploit page in Internet Explorer.


Windows XP

Back to exploit index