Lucene search
Sam Thomas of eshu.co.ukZDI-09-086HistoryDec 08, 2009 - 12:00 a.m.
Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability
2009-12-0800:00:00
Sam Thomas of eshu.co.uk
www.zerodayinitiative.com
12
0.847 High
EPSS
Percentile
98.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the manipulation and parsing of certain HTML tags. The ordering of various objects in a malformed way results in memory corruption resulting in a call to a dangling pointer which can be further leveraged via a heap spray. Exploitation of this vulnerability will lead to remote system compromise under the credentials of the currently logged in user.
Related
securityvulns
securityvulns
ZDI-09-086: Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability
2009-12-09 00:00:00
Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325)
2009-12-09 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2009-12-10 00:00:00
symantec
symantec
seebug
seebug
Microsoft IE XHTML DOM操控内存破坏漏洞(MS09-072)
2009-12-12 00:00:00
cve
cve
prion
prion
Memory corruption
2009-12-09 18:30:00
Memory corruption
2009-12-09 18:30:00
Memory corruption
2010-01-22 22:00:00
nvd
nvd
cvelist
cvelist
checkpoint_advisories
checkpoint_advisories
openvas
openvas
Microsoft Internet Explorer 'Style' Object RCE Vulnerability
2009-12-04 00:00:00
MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability
2009-12-04 00:00:00
nessus
nessus
MS09-072: Cumulative Security Update for Internet Explorer (976325)
2009-12-08 00:00:00