Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:51614639FBE6F6E02C8C4D95404AF476
HistorySep 19, 2011 - 12:00 a.m.

Microsoft Internet Explorer layout-grid-char Style Property Use-After-Free Memory Corruption

2011-09-1900:00:00
SAINT Corporation
download.saintcorporation.com
21

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.7%

JSON

Added: 09/19/2011
CVE: CVE-2011-1260
BID: 48208
OSVDB: 72950

Background

Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.

Problem

A use-after-free vulnerability exists in Microsoft’s Internet Explorer layout engine (in mshtml.dll) when handling extra-large values for the layout-grid-char property. The resultant memory corruption can be exploited by a remote, unauthenticated attacker to execute arbitrary code in the context of the currently logged in user.

Resolution

Apply a patch as described in Microsoft Security Bulletin MS11-050.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-194/&gt;
<http://secunia.com/advisories/44914/&gt;

Limitations

Exploit works on Internet Explorer 8 on Microsoft Windows SP3 English with security update KB959426, and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows XP

Related

checkpoint_advisories 1
securityvulns 2
saint 3
prion 1
cve 1
zdi 1
threatpost 1
openvas 2
mskb 1
nessus 1
checkpoint_advisories
checkpoint_advisories
Internet Explorer Layout Object Memory Corruption (MS11-050; CVE-2011-1260)
2011-06-14 00:00:00
securityvulns
securityvulns
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
2011-06-19 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2011-07-22 00:00:00
saint
saint
Microsoft Internet Explorer layout-grid-char Style Property Use-After-Free Memory Corruption
2011-09-19 00:00:00
Microsoft Internet Explorer layout-grid-char Style Property Use-After-Free Memory Corruption
2011-09-19 00:00:00
Microsoft Internet Explorer layout-grid-char Style Property Use-After-Free Memory Corruption
2011-09-19 00:00:00
prion
prion
Memory corruption
2011-06-16 20:55:00
cve
cve
CVE-2011-1260
2011-06-16 20:55:00
zdi
zdi
Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
2011-06-14 00:00:00
threatpost
threatpost
Researcher Finds Technique to Bypass Microsoft's EMET Protections
2012-08-09 14:28:45
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
mskb
mskb
MS11-050: Cumulative Security Update for Internet Explorer: June 14, 2011
2011-06-14 00:00:00
nessus
nessus
MS11-050: Cumulative Security Update for Internet Explorer (2530548)
2011-06-15 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:51614639FBE6F6E02C8C4D95404AF476
checkpoint_advisories1securityvulns2saint3prion1cve1zdi1threatpost1openvas2mskb1nessus1