|
|
|
|
| |
Credit:
The information has been provided by Ivan Fratric.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-287/
|
| |
Vulnerable Systems:
* Microsoft Internet Explorer
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.
Patch Availability:
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://technet.microsoft.com/en-us/security/bulletin/ms11-081
CVE Information:
CVE-2011-1996
Disclosure Timeline:
2011-06-03 - Vulnerability reported to vendor
2011-10-15 - Coordinated public release of advisory
|
|
|
|
|
