Executive Summary
Summary | |
---|---|
Title | Microsoft Internet Explorer 8 use-after-free vulnerability |
Informations | |||
---|---|---|---|
Name | VU#427980 | First vendor Publication | 2011-01-06 |
Vendor | VU-CERT | Last vendor Modification | 2011-01-10 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#427980Microsoft Internet Explorer 8 use-after-free vulnerabilityOverviewMicrosoft Internet Explorer 8 is susceptible to a use-after-free vulnerability in the mshtml.dll library.I. DescriptionThe use-after-free vulnerability is triggered when handling circular memory references. Full details of the crash can be found at Michal Zalewski's website. Additional details about the fuzzer used to find this vulnerability can be found at Michal Zalewski's blog.II. ImpactAn attacker can cause the browser to crash and may be able to execute arbitrary code as the user.III. SolutionWe are currently unaware of a practical solution to this problem.Internet Explorer users should take advantage of the mitigations provided in Microsoft's Enhanced Mitigation Experience Toolkit.
Referenceshttp://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html This vulnerability was reported to the public by Michal Zalewski. This document was written by Jared Allar.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/427980 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11838 | |||
Oval ID: | oval:org.mitre.oval:def:11838 | ||
Title: | DEPRECATED: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 | ||
Description: | Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0346 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11882 | |||
Oval ID: | oval:org.mitre.oval:def:11882 | ||
Title: | MSHTML Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0346 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2011-04-13 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2497640) File : nvt/secpod_ms11-018.nasl |
2011-02-01 | Name : Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulner... File : nvt/gb_ms_ie_releaseinterface_code_execution_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70391 | Microsoft IE MSHTML.DLL ReleaseInterface Function Use-after-free Arbitrary Co... Microsoft IE contains a user-after-free vulnerability related to the ReleaseInterface function in MSHTML.DLL. This may allow a context-dependent attacker to use a crafted web page to execute arbitrary code via vectors related to DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-04-13 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms11-018.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:28:03 |
|