Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8496)

A type confusion vulnerability exists in Microsoft Edge. The vulnerability is due to a CAttribute object being confused for a CAttrArray object by the PrivateFindInl method. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

Microsoft Internet Explorer 9 MSHTML CAttrArray Use-After-Free

Exploit for windows platform in category dos / poc Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the first entry in that series. The below information is also available on my blog at...

Microsoft Internet Explorer 9 - MSHTML CAttrArray Use-After-Free (MS14-056)

oTextArea = document.createElement'textarea'; oTextArea.dataSrc = 1; oTextArea.id = 1; oTextArea.innerHTML = 1; oTextArea.onvolumechange = 1; oTextArea.style.setProperty'list-style', "url"; !-- Analysis The CAttrArray object initially allocates a CImplAry buffer of 0x40 bytes, which can store 4...

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2016-01665)

Internet Explorer is a web browser from Microsoft. Internet Explorer versions 7 through 11 suffer from a memory corruption vulnerability in the implementation of the CAttrArray object via malformed CSS token sequences and modification of HTML elements. An attacker can exploit this vulnerability t...

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2016-01599)

Microsoft Internet Explorer IE is a Web browser developed by Microsoft and is the default browser that comes with the Windows operating system.CAttrArray object is one of the CAttrArray objects. A security vulnerability exists in the implementation of the CAttrArray object in Microsoft Internet...

Type confusion

The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service type confusion and memory corruption via a malformed Cascading Style Sheets CSS token sequence in conjunction with modifications to HTML...

CVE-2015-6184

The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service type confusion and memory corruption via a malformed Cascading Style Sheets CSS token sequence in conjunction with modifications to HTML...

CVE-2015-6184

Microsoft Internet Explorer 7–11 is affected by a memory corruption/type-confusion vulnerability in the CAttrArray object implementation that can be triggered by a malformed CSS token sequence and HTML element modifications, enabling remote code execution or denial of service. Connected sources (...

Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2015-08009)

Internet Explorer is a web browser from Microsoft. A security vulnerability exists in Internet Explorer 11's handling of style attributes. By tampering with document elements, an attacker can force an array allocated by a CAttrArray object to be reused after release and then execute arbitrary cod...

Microsoft Internet Explorer CAttrArray Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

Microsoft Edge CAttrArray Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge...

Microsoft Internet Explorer Memory Corruption (MS15-124: CVE-2015-6143)

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in manipulating CAttrArray objects. Successful exploitation could cause memory corruption in a way that would allow attackers to execute code on the target...

Microsoft Internet Explorer CAttrArray Memory Misreference Remote Code Execution Vulnerability

Internet Explorer is a web browser from Microsoft. An arbitrary code execution vulnerability exists in the implementation of Microsoft Internet Explorer when handling CAttrArray objects. A remote attacker can exploit this vulnerability by manipulating document elements to reuse a freed hanging...

Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Exploit 0day

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Four IE browser 0day vulnerability is released-vulnerability warning-the black bar safety net

Hewlett-Packard's Zero-Day Initiative ZDIteam has published four against Microsoft IE browser 0day vulnerabilities, these vulnerabilities can cause the victim host to be the remote execution of malicious code. All four of these vulnerabilities were reported to Microsoft, was originally for the...

(0Day) Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...