Microsoft Internet Explorer Time Element Memory Corruption

2011-09-06T00:00:00
ID SAINT:BE1BA63405F26D24139208C8F7C4CED0
Type saint
Reporter SAINT Corporation
Modified 2011-09-06T00:00:00

Description

Added: 09/06/2011
CVE: CVE-2011-1255
BID: 48206
OSVDB: 72947

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. The **HTML+Time** (Timed Interactive Multimedia Extensions) helps to add timed, animated, multimedia content to HTML documents.

Problem

Microsoft Internet Explorer is vulnerable to remote code execution due to the way it handles the creation and deletion of various **HTML+Time** 2.0 elements, including **t:transitionFilter**. The vulnerability can be triggered if an **HTML+TIME** element is deleted using script during the page rendering, and the freed object pointer is later accessed causing dereferencing of an invalid function pointer when the page is unloaded.

Resolution

Apply the update referenced in Microsoft Security Bulletin 11-050.

References

<http://secunia.com/advisories/44914/>

Limitations

Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn) with KB959426.

The target user must open the exploit in the affected application.

Platforms

Windows XP