Lucene search
Peter Winter-SmithZDI-11-196HistoryJun 14, 2011 - 12:00 a.m.
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
2011-06-1400:00:00
Peter Winter-Smith
www.zerodayinitiative.com
17
EPSS
0.886
Percentile
98.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles HTTP 302 redirects to CDL protocols. When Internet Explorer tries to determine who is responsible for handling the protocol redirect it fails to keep a correct reference counter to a Transaction object which results in a use-after-free vulnerability. This can be leveraged into remote code execution under the context of the current user.
Related
cvelist
cvelist
CVE-2011-1262
2011-06-16 20:21:00
checkpoint_advisories
checkpoint_advisories
seebug
seebug
securityvulns
securityvulns
nvd
nvd
CVE-2011-1262
2011-06-16 20:55:01
prion
prion
Memory corruption
2011-06-16 20:55:00
cve
cve
CVE-2011-1262
2011-06-16 20:55:01
nessus
nessus
MS11-050: Cumulative Security Update for Internet Explorer (2530548)
2011-06-15 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
mskb
mskb
MS11-050: Cumulative Security Update for Internet Explorer: June 14, 2011
2011-06-14 00:00:00
threatpost
threatpost
ExploitHub Offering Bounties โ And Residuals โ for Exploits
2011-10-05 13:11:31