Internet Explorer XML data binding memory corruption

Added: 12/12/2008
CVE: CVE-2008-4844
BID: 32721
OSVDB: 50622

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags, resulting in accessing of memory space of a deleted object.

Resolution

Apply one of the workarounds suggested in Microsoft Security Advisory 961051.

References

http://www.kb.cert.org/vuls/id/493881

Limitations

Exploit works on Internet Explorer 7 and requires a user to load the exploit page.

The reliability of this exploit may depend upon the system's memory state.

Platforms

Windows

Back to exploit index