Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:61D38DA061F79D19639152A3BF22A974
HistoryJun 28, 2011 - 12:00 a.m.

Internet Explorer DOM modification memory corruption

2011-06-2800:00:00
SAINT Corporation
my.saintcorporation.com
30

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.886

Percentile

98.7%

JSON

Added: 06/28/2011
CVE: CVE-2011-1256
BID: 48207
OSVDB: 72948

Background

The Document Object Model (DOM) is a convention for interacting with objects in HTML pages.

Problem

A memory corruption vulnerability in Internet Explorer allows command execution when a user loads a specially crafted web page containing multiple javascript modifications. The vulnerability is triggered when Internet Explorer frees an object due to modification, and then attempts to access it later.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 11-050.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-193/&gt;

Limitations

Exploit works on Windows XP SP3 English (DEP OptIn) with KB2393802 and KB959426, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows XP

Related

checkpoint_advisories 1
nvd 1
zdi 1
cvelist 1
seebug 1
cve 1
securityvulns 2
saint 3
packetstorm 1
prion 1
zdt 1
exploitdb 1
nessus 1
openvas 2
mskb 1
threatpost 1
checkpoint_advisories
checkpoint_advisories
Internet Explorer DOM Modification Remote Code Execution (MS11-050; CVE-2011-1256)
2011-06-14 00:00:00
nvd
nvd
CVE-2011-1256
2011-06-16 20:55:01
zdi
zdi
Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
2011-06-14 00:00:00
cvelist
cvelist
CVE-2011-1256
2011-06-16 20:21:00
seebug
seebug
Microsoft Internet Explorer DOMηΌ–θΎ‘ζœͺεˆε§‹εŒ–ε†…ε­˜θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2011-06-16 00:00:00
cve
cve
CVE-2011-1256
2011-06-16 20:55:01
securityvulns
securityvulns
ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
2011-06-19 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2011-07-22 00:00:00
saint
saint
Internet Explorer DOM modification memory corruption
2011-06-28 00:00:00
Internet Explorer DOM modification memory corruption
2011-06-28 00:00:00
Internet Explorer DOM modification memory corruption
2011-06-28 00:00:00
packetstorm
packetstorm
MS11-050 IE mshtml!CObjectElement Use After Free
2011-06-17 00:00:00
prion
prion
Memory corruption
2011-06-16 20:55:00
zdt
zdt
MS11-050 IE mshtml!CObjectElement Use After Free
2011-06-17 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - MSHTML!CObjectElement Use-After-Free (MS11-050) (Metasploit)
2011-06-17 00:00:00
nessus
nessus
MS11-050: Cumulative Security Update for Internet Explorer (2530548)
2011-06-15 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
mskb
mskb
MS11-050: Cumulative Security Update for Internet Explorer: June 14, 2011
2011-06-14 00:00:00
threatpost
threatpost
ExploitHub Offering Bounties – And Residuals – for Exploits
2011-10-05 13:11:31

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.886

Percentile

98.7%

JSON
Related for SAINT:61D38DA061F79D19639152A3BF22A974
checkpoint_advisories1nvd1zdi1cvelist1seebug1cve1securityvulns2saint3packetstorm1prion1zdt1exploitdb1nessus1openvas2mskb1threatpost1