iDefense Security Advisory 12.14.10 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. During the instantiation of multiple ActiveX Controls, a particular object is created along with multiple references that point to the object. The object can be destroyed and its associated references removed. However, a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control. Microsoft Internet Explorer 6, 7 and 8 are vulnerable.
4c0764ad14f98ee7df9da2ae3da2919d78490434383ec3b2809162fb897f8865
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed