Added: 06/28/2011
CVE: CVE-2011-1256
BID: 48207
OSVDB: 72948
The Document Object Model (DOM) is a convention for interacting with objects in HTML pages.
A memory corruption vulnerability in Internet Explorer allows command execution when a user loads a specially crafted web page containing multiple javascript modifications. The vulnerability is triggered when Internet Explorer frees an object due to modification, and then attempts to access it later.
Apply the patch referenced in Microsoft Security Bulletin 11-050.
<http://www.zerodayinitiative.com/advisories/ZDI-11-193/>
Exploit works on Windows XP SP3 English (DEP OptIn) with KB2393802 and KB959426, and requires a user to load the exploit page in Internet Explorer.
Windows XP