Added: 05/08/2013
CVE: CVE-2013-1347
BID: 59641
OSVDB: 92993
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This use-after-free vulnerability is triggered when handling CGenericElement objects.
Apply the patch referenced in Microsoft Security Bulletin 13-028.
<http://technet.microsoft.com/en-us/security/advisory/2847140>
<https://technet.microsoft.com/en-us/security/bulletin/ms13-028>
This exploit was tested against Microsoft Internet Explorer 8 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).
Successful exploit on Windows 7 requires that JRE 6 be installed.
Windows