CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.9%
Added: 09/19/2011
CVE: CVE-2011-1260
BID: 48208
OSVDB: 72950
Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.
A use-after-free vulnerability exists in Microsoft’s Internet Explorer layout engine (in mshtml.dll) when handling extra-large values for the layout-grid-char property. The resultant memory corruption can be exploited by a remote, unauthenticated attacker to execute arbitrary code in the context of the currently logged in user.
Apply a patch as described in Microsoft Security Bulletin MS11-050.
<http://www.zerodayinitiative.com/advisories/ZDI-11-194/>
<http://secunia.com/advisories/44914/>
Exploit works on Internet Explorer 8 on Microsoft Windows SP3 English with security update KB959426, and requires a user to open the exploit page in Internet Explorer.
Windows XP