ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-035 February 22, 2012 - -- CVE ID: CVE-2012-0011 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected...

Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML...

MS12-004 midiOutPlayNextPolyEvent Heap Overflow

This module exploits a heap overflow vulnerability in the Windows Multimedia Library winmm.dll. The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using the Windows Media Player ActiveX control. Exploitation is done by supplying a speciall...

MS11-003 Microsoft Internet Explorer CSS Recursive Import Use After Free

This module exploits a memory corruption vulnerability within Microsoft's HTML engine mshtml. When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the...

Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (MS10-090) (Metasploit)

$Id: ms10090iecssclip.rb 11610 2011-01-20 19:30:59Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVE-2011-0346

Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to the DOM implementation and the BreakAASpecial and...

CVE-2011-0346

Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to the DOM implementation and the BreakAASpecial and...

Internet Explorer CSS SetUserClip Memory Corruption

$Id: ms10090iecssclip.rb 11331 2010-12-14 18:41:20Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Internet Explorer CSS Tags Memory Corruption

$Id: ms10xxxiecssclip.rb 10912 2010-11-05 00:08:55Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Microsoft Internet Explorer MSHTML Uninitialized Memory Corruption (MS10-071; CVE-2010-3331)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted when a document in an HTML format is opened in Microsoft Word. To trigger this issue, ...

Microsoft Internet Explorer - MSHTML Findtext Processing

/textarea function Search var textinput = document.getElementById"Abysssec"; var textRange = textinput.createTextRange; textRange.findTextunescape"%u4141",-1; textRange.selectdocument.getElementById'd'; document.body.appendChildtextinput; Abysssec...

Code to mitigate IE event zero-day (CVE-2010-0249)

Here's a mitigation for the CVE-2010-0249 IE createEventObject srcElement zero-day. Quite simply, it just disables the createEventObject method by mangling its name in memory. If anyone knows an important web application that uses createEventObject, please respond to the mailing list. Use this co...

MS09-023: Vulnerability in Windows Search Could Allow Information Disclosure (963093)

The remote Windows host contains a version of Windows Search that has a flaw in the way it uses MSHTML a.k.a. Trident to render HTML content that could result in information disclosure. If an attacker can trick a user on the affected host into putting a specially crafted HTML file on the system o...

Переполнение буфера в MSHTML

Определенные манипуляции с javascript приводят к переполнению буфера...