ZDI-09-070 (source: zdi, author: Anonymous)
Oct 13, 2009 - 12:00 a.m.

Microsoft Internet Explorer Event Object Type Double-Free Vulnerability

www.zerodayinitiative.com

EPSS: 0.906 (High), percentile 98.8%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the copy constructor for a specific DOM object. When the object is duplicated, more than one reference can be made to anything assigned to its properties. When the variable/object goes out of scope, these properties are deallocated twice. This results in heap corruption, which can lead to code execution under the context of the current user.
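
The flaw class described above, shown as an added example that is not code from Internet Explorer or from the advisory: a copy constructor that duplicates a property pointer without taking its own reference, next to the corrected form. `Value`, `ShallowEvent` and `CountedEvent` are hypothetical names, and the second release is counted rather than performed so the program stays memory-safe.

```cpp
#include <cstdio>

// Constructed stand-in for a reference-counted property value.
// It never frees itself; it records releases that arrive after the
// count has already reached zero, i.e. where a second free would occur.
struct Value {
    int refs = 1;            // the creator's reference
    int over_releases = 0;   // releases seen with refs == 0
    void AddRef() { ++refs; }
    void Release() {
        if (refs == 0) { ++over_releases; return; }
        --refs;              // at 0 a real object would be deallocated here
    }
};

// Flawed pattern: the copy shares the pointer but not the ownership count.
struct ShallowEvent {
    Value* prop;
    explicit ShallowEvent(Value* v) : prop(v) {}           // adopts caller's reference
    ShallowEvent(const ShallowEvent& o) : prop(o.prop) {}  // no AddRef
    ~ShallowEvent() { if (prop) prop->Release(); }
};

// Corrected pattern: every copy holds a reference of its own.
struct CountedEvent {
    Value* prop;
    explicit CountedEvent(Value* v) : prop(v) {}
    CountedEvent(const CountedEvent& o) : prop(o.prop) { if (prop) prop->AddRef(); }
    CountedEvent& operator=(const CountedEvent&) = delete; // avoid unaudited assignment
    ~CountedEvent() { if (prop) prop->Release(); }
};

// Duplicate an event, let both go out of scope, report excess releases.
template <class Event>
int over_releases_after_copy() {
    Value v;
    {
        Event original(&v);
        Event copy(original);
    }   // both destructors run here
    return v.over_releases;
}

int main() {
    std::printf("shallow copy: %d excess release(s)\n", over_releases_after_copy<ShallowEvent>());
    std::printf("counted copy: %d excess release(s)\n", over_releases_after_copy<CountedEvent>());
}
```

In a real allocator the excess release is the second `free` of the same block; building test targets with AddressSanitizer reports it as a double free at that point.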