CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.1%
Added: 09/06/2011
CVE: CVE-2011-1255
BID: 48206
OSVDB: 72947
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. The **HTML+Time**
(Timed Interactive Multimedia Extensions) helps to add timed, animated, multimedia content to HTML documents.
Microsoft Internet Explorer is vulnerable to remote code execution due to the way it handles the creation and deletion of various **HTML+Time**
2.0 elements, including **t:transitionFilter**
. The vulnerability can be triggered if an **HTML+TIME**
element is deleted using script during the page rendering, and the freed object pointer is later accessed causing dereferencing of an invalid function pointer when the page is unloaded.
Apply the update referenced in Microsoft Security Bulletin 11-050.
<http://secunia.com/advisories/44914/>
Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn) with KB959426.
The target user must open the exploit in the affected application.
Windows XP