Internet Explorer 9 – Iedvtool.dll Malformed HTML Null Pointer Dereference Vulnerability
August 15, 2011  

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Microsoft Internet Explorer 9.0.8
Date: 10/08/2011
Product: Microsoft Internet Explorer 9.0.8 / Developer Tool F12
Vendor: Notified
Internal Id: MSRC 11623

We have discovered that the product “Internet Explore 9 /Developer Tool F12″ presents a big hole regarding a Remote NULL Pointer Dereference, crashing the application when you run special code.

Vendor Statement:

Microsoft Security Response Center has investigated this issue and it results being a NULL pointer dereference. Based on this, this issue can’t be exploited to execute arbitrary code and it results in a stability bug. This issue will be considered to be resolved in a future release of Internet Explorer.

Remediation:

Microsoft is working to solve this error  for next version of Internet Explorer to address this stability issue.