(Pwn2Own) Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2010-3328

Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."...

CVE-2010-3328

CVE-2010-3328 is an Uninitialized Memory Corruption vulnerability in Internet Explorer (mshtml.dll) affecting IE6–IE8. The root cause is memory corruption when IE accesses an object that has not been initialized or has been deleted, enabling remote code execution with the caller’s privileges if a...

Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft IE CAttrArray对象远程代码执行漏洞（MS09-072）

BUGTRAQ ID: 37213 CVE ID: CVE-2009-3674 Internet Explorer是Windows操作系统中默认捆绑的WEB浏览器。 Internet Explorer在解除分配对CAttrArray对象的循环引用期间存在内存破坏漏洞。如果在关闭网页之前释放了CAttrArray对象，IE在解除分配循环指针期间会访问已释放的内存，这可能导致以当前登录用户的权限执行任意指令。 Microsoft Internet Explorer 8.0 临时解决方法： 将Internet...

Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists during deallocation of a circula...

Microsoft Internet Explorer 'CAttrArray' Object Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...