Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D951BB18CD8CD7C1FB1818DB7C6CD798
HistoryJun 28, 2011 - 12:00 a.m.

Internet Explorer DOM modification memory corruption

2011-06-2800:00:00
SAINT Corporation
download.saintcorporation.com
12

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.89 High

EPSS

Percentile

98.7%

JSON

Added: 06/28/2011
CVE: CVE-2011-1256
BID: 48207
OSVDB: 72948

Background

The Document Object Model (DOM) is a convention for interacting with objects in HTML pages.

Problem

A memory corruption vulnerability in Internet Explorer allows command execution when a user loads a specially crafted web page containing multiple javascript modifications. The vulnerability is triggered when Internet Explorer frees an object due to modification, and then attempts to access it later.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 11-050.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-193/&gt;

Limitations

Exploit works on Windows XP SP3 English (DEP OptIn) with KB2393802 and KB959426, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows XP

Related

checkpoint_advisories 1
securityvulns 2
seebug 1
cve 1
zdi 1
saint 3
prion 1
packetstorm 1
nessus 1
openvas 2
mskb 1
threatpost 1
checkpoint_advisories
checkpoint_advisories
Internet Explorer DOM Modification Remote Code Execution (MS11-050; CVE-2011-1256)
2011-06-14 00:00:00
securityvulns
securityvulns
ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
2011-06-19 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2011-07-22 00:00:00
seebug
seebug
Microsoft Internet Explorer DOMηΌ–θΎ‘ζœͺεˆε§‹εŒ–ε†…ε­˜θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2011-06-16 00:00:00
cve
cve
CVE-2011-1256
2011-06-16 20:55:00
zdi
zdi
Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
2011-06-14 00:00:00
saint
saint
Internet Explorer DOM modification memory corruption
2011-06-28 00:00:00
Internet Explorer DOM modification memory corruption
2011-06-28 00:00:00
Internet Explorer DOM modification memory corruption
2011-06-28 00:00:00
prion
prion
Memory corruption
2011-06-16 20:55:00
packetstorm
packetstorm
MS11-050 IE mshtml!CObjectElement Use After Free
2011-06-17 00:00:00
nessus
nessus
MS11-050: Cumulative Security Update for Internet Explorer (2530548)
2011-06-15 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
mskb
mskb
MS11-050: Cumulative Security Update for Internet Explorer: June 14, 2011
2011-06-14 00:00:00
threatpost
threatpost
ExploitHub Offering Bounties – And Residuals – for Exploits
2011-10-05 13:11:31

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.89 High

EPSS

Percentile

98.7%

JSON
Related for SAINT:D951BB18CD8CD7C1FB1818DB7C6CD798
checkpoint_advisories1securityvulns2seebug1cve1zdi1saint3prion1packetstorm1nessus1openvas2mskb1threatpost1