Lucene search
Simon ZuckerbraunZDI-19-277HistoryMar 12, 2019 - 12:00 a.m.
Microsoft Internet Explorer Attr nodeValue Use-After-Free Remote Code Execution Vulnerability
2019-03-1200:00:00
Simon Zuckerbraun
www.zerodayinitiative.com
14
0.025 Low
EPSS
Percentile
90.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the nodeValue property on HTML attribute nodes. By performing actions in script, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
mscve
mscve
Windows VBScript Engine Remote Code Execution Vulnerability
2019-03-12 07:00:00
zdi
zdi
checkpoint_advisories
checkpoint_advisories
symantec
symantec
prion
prion
Remote code execution
2019-04-08 23:29:00
Remote code execution
2019-04-09 03:29:00
Remote code execution
2019-04-08 23:29:00
cvelist
cvelist
cve
cve
nvd
nvd
nessus
nessus
Security Updates for Internet Explorer (March 2019)
2019-03-12 00:00:00
KB4489884: Windows Server 2012 March 2019 Security Update
2019-03-12 00:00:00
KB4489883: Windows 8.1 and Windows Server 2012 R2 March 2019 Security Update
2019-03-12 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: March 12, 2019
2019-03-12 07:00:00
March 12, 2019âKB4489891 (Monthly Rollup)
2019-03-12 07:00:00
March 12, 2019âKB4489881 (Monthly Rollup)
2019-03-12 07:00:00
kaspersky
kaspersky
KLA11431 Multiple vulnerabilities in Microsoft Browsers
2019-03-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4489878)
2019-03-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4489881)
2019-03-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4489872)
2019-03-13 00:00:00
talosblog
talosblog