Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. The
**HTML+Time** (Timed Interactive Multimedia Extensions) helps to add timed, animated, multimedia content to HTML documents.
Microsoft Internet Explorer is vulnerable to remote code execution due to the way it handles the creation and deletion of various
**HTML+Time** 2.0 elements, including
**t:transitionFilter**. The vulnerability can be triggered if an
**HTML+TIME** element is deleted using script during the page rendering, and the freed object pointer is later accessed causing dereferencing of an invalid function pointer when the page is unloaded.
Apply the update referenced in Microsoft Security Bulletin 11-050.
Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn) with KB959426.
The target user must open the exploit in the affected application.