Internet Explorer SLayoutRun CParaElement Node Use After Free

2013-02-28T00:00:00
ID SAINT:8CAA79AF7BE8BAFCAD6DBF964A4C1753
Type saint
Reporter SAINT Corporation
Modified 2013-02-28T00:00:00

Description

Added: 02/28/2013
CVE: CVE-2013-0025
BID: 57830
OSVDB: 90122

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

A vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code in the context of the logged-in user when the user loads a specially crafted web page. The vulnerability is due to a use after free error when handling the **CParaElement** node of the **SLayoutRun** class.

Resolution

Apply the updates identified in MS Bulletin MS13-009.

References

<http://secunia.com/advisories/52122/>

Limitations

This exploit was tested against Internet Explorer 8 on Microsoft Windows XP SP3 English with DEP OptIn.

The user must open the exploit in Internet Explorer 8.

Platforms

Windows