3 matches found
Microsoft IE CSS竞争条件远程代码执行漏洞(MS09-072)
BUGTRAQ ID: 37212 CVE ID: CVE-2009-3673 Internet Explorer是Windows操作系统中默认捆绑的WEB浏览器。 在CSS两个元素之间快速的反复点击切换可能触发竞争条件,导致调用悬浮指针,这可以通过heap spray进一步利用。攻击者可以通过构建特制的网页来利用该漏洞,当用户查看网页时,该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 8.0 Microsoft Internet Explorer 7.0 临时解决方法: 将Internet...
CVE-2009-3673
Microsoft Internet Explorer 7/8 are affected by CVE-2009-3673 (Uninitialized Memory Corruption). A remote code execution vulnerability exists due to improper handling of memory for objects that are uninitialized or deleted, exploitable via a specially crafted web page and potentially via heap spr...
Internet Explorer Page Refresh Uninitialized Memory Corruption (MS09-072; CVE-2009-3673)
Microsoft Internet Explorer is the most widely used Internet browser. A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigge...