Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-Free

var oDocumentFragment = document.createDocumentFragment, oElement = document.createElement'x'; oDocumentFragment.appendChildoElement; oElement.style.listStyleImage = "urlx"; oDocumentFragment.removeChildoElement; !-- Exploit I tried a few tricks to see if there was an easy way to reallocate the...

Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the second entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161102001.html. There you can find a repro that...

Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

Design/Logic Flaw

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function...

CVE-2014-1770

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function...

Internet Explorer CMarkup Object Handling Use-after-free Vulnerability

Added: 04/17/2014 CVE: CVE-2014-0322 BID: 65551 OSVDB: 103354 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 9 and 10 contain a use-after-free vulnerability in the CMarkup component of the MSHTML...

CVE-2013-3140

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability."...

Design/Logic Flaw

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability."...

CVE-2013-3140

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability."...

CVE-2013-3140

This CVE (CVE-2013-3140) concerns a Use-After-Free in Microsoft Internet Explorer 9. The vulnerability is triggered by visiting a crafted webpage that accesses a deleted CMarkup object, enabling remote code execution. The issue is tied to IE9’s handling of CMarkup, and is documented as a high-sev...