Internet Explorer 9 – Iedvtool.dll Malformed HTML Null Pointer Dereference Vulnerability August 15, 2011 Author(s): Ivan Sanchez & Hernan Hegykozi Contact Us: security@evilcode.com.ar Versions: Microsoft Internet Explorer 9.0.8 Date: 10/08/2011 Product: Microsoft Internet Explorer 9.0.8 / Developer Tool F12 Vendor: Notified Internal Id: MSRC 11623 We have discovered that the product “Internet Explore 9 /Developer Tool F12″ presents a big hole regarding a Remote NULL Pointer Dereference, crashing the application when you run special code. Vendor Statement: Microsoft Security Response Center has investigated this issue and it results being a NULL pointer dereference. Based on this, this issue can’t be exploited to execute arbitrary code and it results in a stability bug. This issue will be considered to be resolved in a future release of Internet Explorer. Remediation: Microsoft is working to solve this error for next version of Internet Explorer to address this stability issue.