Microsoft IE CStyleSheet对象释放后使用漏洞（MS10-035）

BUGTRAQ ID: 40417 CVE ID: CVE-2010-1262 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 Internet Explorer对CStyleSheet对象支持的实现方式中存在释放后使用漏洞。在创建样式表数组时，其中会包含有对其根容器的引用。如果所创建的样式表不属于标记中元素，则在销毁元素时也会释放根容器。之后应用再试图使用样式表时就会使用无效的指针，导致以当前用户权限执行任意代码。 Microsoft Internet Explorer 8.0 Microsoft Internet Explorer 7.0...

Patch Tuesday: Microsoft Kills Pwn2Own Browser Bug

The Microsoft Patch Tuesday train rolled into town today, dropping off a massive 10 security bulletins with fixes for at least 34 documented vulnerabilities. Three of the bulletins are rated “critical” because of the risk of remote code execution attacks. Affected products include the Windows...

Internet Explorer toStaticHTML Information Disclosure (MS10-035; CVE-2010-1257)

An information disclosure vulnerability has been reported in Internet Explorer. The vulnerability is due to the way IInternet Explorer handles content using specific strings when sanitizing HTML. To trigger this issue, an attacker may create a malicious web page that will cause Internet Explorer ...