Internet Explorer textNode Style Computation Use After Free Vulnerability

2013-06-17T00:00:00
ID SAINT:6ABFCFAEE10AF8A00C0DCC1520F983B7
Type saint
Reporter SAINT Corporation
Modified 2013-06-17T00:00:00

Description

Added: 06/17/2013
CVE: CVE-2013-1311
BID: 59752
OSVDB: 93296

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Internet Explorer 8 is vulnerable to remote code execution as a result of memory corruption when computations on the Document Object Model (DOM) during the application of a style sheet results in corruption of a DOM textNode pointer. A remote attacker who persuades a user to visit a malicious web page that contains specially crafted JavaScript could execute arbitrary code in the context of the vulnerable user.

Resolution

Apply the patch detailed in Microsoft Security Bulletin MS13-037.

References

<http://technet.microsoft.com/en-us/security/bulletin/MS13-037>
<http://secunia.com/advisories/53327/>

Limitations

This exploit was tested against Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in Internet Explorer 8 on the target Windows XP machine.

Platforms

Windows XP