Microsoft Internet Explorer Time Element Memory Corruption

Added: 09/06/2011
CVE: CVE-2011-1255
BID: 48206
OSVDB: 72947

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. The HTML+Time (Timed Interactive Multimedia Extensions) helps to add timed, animated, multimedia content to HTML documents.

Problem

Microsoft Internet Explorer is vulnerable to remote code execution due to the way it handles the creation and deletion of various HTML+Time 2.0 elements, including t:transitionFilter. The vulnerability can be triggered if an HTML+TIME element is deleted using script during the page rendering, and the freed object pointer is later accessed causing dereferencing of an invalid function pointer when the page is unloaded.

Resolution

Apply the update referenced in Microsoft Security Bulletin 11-050.

References

http://secunia.com/advisories/44914/

Limitations

Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn) with KB959426.

The target user must open the exploit in the affected application.

Platforms

Windows XP

Back to exploit index