Internet Explorer textNode Style Computation Use After Free Vulnerability
Added: 06/17/2013CVE: CVE-2013-1311
BID: 59752
OSVDB: 93296
Background
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.Problem
Internet Explorer 8 is vulnerable to remote code execution as a result of memory corruption when computations on the Document Object Model (DOM) during the application of a style sheet results in corruption of a DOM textNode pointer. A remote attacker who persuades a user to visit a malicious web page that contains specially crafted JavaScript could execute arbitrary code in the context of the vulnerable user.Resolution
Apply the patch detailed in Microsoft Security Bulletin MS13-037.References
http://technet.microsoft.com/en-us/security/bulletin/MS13-037http://secunia.com/advisories/53327/
Limitations
This exploit was tested against Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn).The user must open the exploit in Internet Explorer 8 on the target Windows XP machine.
Platforms
Windows XPBack to exploit index