Internet Explorer textNode Style Computation Use After Free Vulnerability

Added: 06/17/2013
CVE: CVE-2013-1311
BID: 59752
OSVDB: 93296


Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.


Internet Explorer 8 is vulnerable to remote code execution as a result of memory corruption when computations on the Document Object Model (DOM) during the application of a style sheet results in corruption of a DOM textNode pointer. A remote attacker who persuades a user to visit a malicious web page that contains specially crafted JavaScript could execute arbitrary code in the context of the vulnerable user.


Apply the patch detailed in Microsoft Security Bulletin MS13-037.



This exploit was tested against Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in Internet Explorer 8 on the target Windows XP machine.


Windows XP

Back to exploit index