26 matches found
Microsoft Internet Explorer jscript9 - JavaScriptStackWalker Memory Corruption (MS15-056)
Source: http://blog.skylined.nl/20161206001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. A pointer set up to point to certain data on the stack can be used after that data has been removed from the stack. This results i...
Microsoft Internet Explorer 9 IEFRAME CMarkup..RemovePointerPos Use-After-Free
Since November I have been releasing details on all vulnerabilities I found that I have not released before. This is the 32nd entry in the series. This information is available in more detail on my blog at http://blog.skylined.nl/20161214001.html. There you can find a repro that triggered this...
Microsoft Internet Explorer 9 - IEFRAME CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047)
function go document.execCommand'SelectAll'; document.execCommand'superscript'; setTimeoutfunction oSupElement=document.getElementsByTagName'sup'0; oSupElement.swapNodedocument.documentElement; , 0; !-- Time-line 27 September 2012: This vulnerability was found through fuzzing. 3...
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1)
Exploit for windows platform in category dos / poc window.onload=functionlocation.reload;; text .float float:left; .zoom zoom:3000%; .border::first-let...
Microsoft Internet Explorer 9 - MSHTML CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1)
Microsoft Internet Explorer 9 - MSHTML CDispNode::InsertSiblingNode Use-After-Free MS13-037 1 window.onload=functionlocation.reload;; text .float float:left; .zoom zoom:3000%; .border::first-letter...
Microsoft Internet Explorer 9 - MSHTML CElement::HasFlag Memory Corruption
// First tag can be any inline but must NOT be closed yet // Second tag can be anything that's not inline. // "text1" can be anything document.write'text1'; // The tree is in good shape. show"DOM Tree after first write", getElementTreedocument.body; // At this point, it appears that MSIE is sti...
Microsoft Internet Explorer 9 - MSHTML CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (2)
!-- Source: http://blog.skylined.nl/20161208001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability. Known...
Microsoft Internet Explorer 9 - 'jscript9' JavaScriptStackWalker Memory Corruption (MS15-056)
var oWindow = window.open"about:blank"; oWindow.execScript'window.oURIError = new URIError;oURIError.name = oURIError;' try "" + oWindow.oURIError; catche try "" + oWindow.oURIError; catche Description A Javascript can construct an URIError object and sets that object's name property to...
Microsoft Internet Explorer 9 CDoc::ExecuteScriptUri Use-After-Free
Since November I have been releasing details on all vulnerabilities I found in web-browsers that I had not released before. I will try to continue to publish all my old vulnerabilities, including those not in web-browser, as long as I can find some time to do so. If you find this information...
Microsoft Edge and Internet Explorer XSS Filter CVE-2016-7239 Information Disclosure Vulnerability
Description Microsoft Edge and Internet Explorer are prone to an information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute...
Microsoft Internet Explorer 9 - MSHTML CPtsTextParaclient::CountApes Out-of-Bounds Read
oElement1 position: absolute; oElement2:after position: relative; content: counterx; onload = function oElement1 = document.createElement'oElement1'; document.documentElement.appendChildoElement1; oElement2 = document.createElement'oElement2'; document.documentElement.appendChildoElement2; ; !--...
Microsoft Internet Explorer 9 - MSHTML CAttrArray Use-After-Free (MS14-056)
oTextArea = document.createElement'textarea'; oTextArea.dataSrc = 1; oTextArea.id = 1; oTextArea.innerHTML = 1; oTextArea.onvolumechange = 1; oTextArea.style.setProperty'list-style', "url"; !-- Analysis The CAttrArray object initially allocates a CImplAry buffer of 0x40 bytes, which can store 4...
Microsoft Internet Explorer CVE-2014-6323 Clipboard Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Internet Explorer 7, 8, 9, 10, and 11 are vulnerable. Technologies Affected Avaya Aura Conferencing Standa...
Microsoft Internet Explorer CVE-2014-4140 ASLR Security Bypass Vulnerability
Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Avaya Aura Conferencing Standar...
Microsoft Internet Explorer CVE-2014-4110 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CVE-2014-0322 Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer Multiple Vulnerabilities (2909921)
This host is missing a critical security update according to Microsoft Bulletin MS14-010. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft Internet Explorer CVE-2014-0268 Remote Privilege Escalation Vulnerability
Description Microsoft Internet Explorer is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avay...
CVE-2013-3145
Microsoft Internet Explorer 9 is affected by CVE-2013-3145 (memory corruption) via a crafted web site. It is a separate issue from CVE-2013-3150. The vulnerability is addressed by Microsoft's MS13-055 security bulletin; patching IE9 (and related components) is the recommended remediation. Exploit...
Microsoft Internet Explorer CVE-2013-3150 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 9 is affected...