what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Microsoft Internet Explorer 6 / 7 / 8 Memory Corruption
Posted Nov 5, 2010
Authored by Matteo Memelli

Microsoft Internet Explorer versions 6, 7 and 8 memory corruption exploit.

tags | exploit
advisories | CVE-2010-3962
MD5 | c0d7b7b1f0ae356bc5698b97fcf5122b

Related Files

Internet Explorer Remote Code Execution With DEP And ASLR Bypass
Posted Aug 17, 2012
Authored by FaryadR

The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2011-1255
MD5 | c360b436f312000c4cb2ecb69ece4dd6
Technical Cyber Security Alert 2012-174A
Posted Jun 23, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-174A - Microsoft Security Advisory (2719615) warns of active attacks using a vulnerability in Microsoft XML Core Services. Microsoft Internet Explorer and Microsoft Office can be used as attack vectors.

tags | advisory
MD5 | e0fdec3f2a778e9ba75f1144d0d64c3e
Microsoft Internet Explorer Col Element Remote Heap Overflow
Posted Jun 20, 2012
Authored by Alexandre Pelletier, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a heap overflow error in the mshtml.dll module when processing "Col" elements, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2012-1876
MD5 | d6f32f221551f0216f61f02dec616d81
Microsoft Internet Explorer GetAtomTable Remote Use-After-Free
Posted Jun 20, 2012
Authored by VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing GetAtomTable objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, arbitrary
advisories | CVE-2012-1875
MD5 | 5d685afe090b871b105dae365a1de47b
Microsoft Internet Explorer CollectionCache Remote Use-After-Free
Posted Jun 20, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing CollectionCache objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, arbitrary
MD5 | beff56c5b350a41521763a35c83c6ac2
Microsoft Internet Explorer 8 / 9 Toolbar Code Execution
Posted Jun 14, 2012
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered that Microsoft Internet Explorer versions 8 and 9 suffer from a use-after-free vulnerability in the developer toolbar.

tags | advisory
advisories | CVE-2012-1874
MD5 | aecdddb2a5a1025b08e025ff7798ffaf
Microsoft Internet Explorer 8 Code Execution
Posted Jun 14, 2012
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered a remote code execution vulnerability in Microsoft Internet Explorer 8 due to a use-after-free issue having to do with property ids.

tags | advisory, remote, code execution
advisories | CVE-2012-1875
MD5 | bd95491c06843df2fbded9d5fca6e4e3
Zero Day Initiative Advisory 12-093
Posted Jun 12, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles dynamically changed colspans on a column in a table with the table-layout:fixed style. If the colspan is increased after initial creation it will result in a heap overflow. This can lead to remote code execution under the context of the current program.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2012-1876
MD5 | efdcc8810ffb00c0629532f716357265
Microsoft Internet Explorer VML Remote Code Execution
Posted Apr 18, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.

tags | advisory, web
advisories | CVE-2012-0172
MD5 | 430a418df374f4f687210e3faa479f35
Microsoft Internet Explorer 8 Code Execution
Posted Feb 29, 2012
Authored by Ivan Fratric

This is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2011-1999
MD5 | 019b8a52cdfa45c64282b47a5068cc29
Zero Day Initiative Advisory 12-036
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When appending a VML element to a textArea element a reference to a cDispScroller object can be improperly freed. The object is can be reused, and due to this object being freed, a later allocation can be located in this memory region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0155
MD5 | d520febd6ac5db41fa8f6c3cee7dd1c7
Zero Day Initiative Advisory 12-035
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0011
MD5 | aca7c31cd83717483b28d457d97f425a
Secunia Security Advisory 48028
Posted Feb 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.

tags | advisory, vulnerability
MD5 | aea1226ca307b13498564e11e166c39f
Secunia Security Advisory 48031
Posted Feb 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 6866684a8c86d49843bb45ee88db6731
Microsoft Internet Explorer 8 Stack Exhaustion
Posted Feb 6, 2012
Authored by Todor Donev

Microsoft Internet Explorer 8 suffers from a denial of service vulnerability due to a stack exhaustion issue.

tags | exploit, denial of service
MD5 | 66bb90de6413d859088e9f34eca6e1fb
Secunia Security Advisory 47212
Posted Dec 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Three vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.

tags | advisory, vulnerability
MD5 | 728b05dc3e1015c6445ff0fe1d39efea
Browser Security Comparison: A Quantitative Approach
Posted Dec 10, 2011
Authored by Ryan Smith, Chris Valasek, Paul Mehta, Charlie Miller, Shawn Moyer, Joshua Drake | Site accuvant.com

Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.

tags | paper
MD5 | 264a3b0c9d9007c6544319b4853db82a
Secunia Security Advisory 47129
Posted Dec 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 8a6ce61371bad076bc788cc1b7c40ff7
Microsoft Internet Explorer X-UA-COMPATIBLE Use-After-Free
Posted Oct 21, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing the "X-UA-COMPATIBLE" keyword of a "META" tag, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, remote, web
MD5 | d0917ede7f3ba13b501c89768c34c464
Zero Day Initiative Advisory 11-290
Posted Oct 15, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-290 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within mshtml.dll and is a logic bug in the way it handles the 'extra size index' in certain CDispNode classes within the SetExpandedClipRect function. When the 'extra size index' is zero, the code fails to correctly adjust the class instance pointer before and uses the vftable pointer as a flag field. This corrupts the vftable pointer and can lead to remote code execution under the context of the current user. This issue is closely related to CVE-2009-3672.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-2001
MD5 | ebc951ea3d9ca447a4c14ea9cf496733
Zero Day Initiative Advisory 11-289
Posted Oct 15, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). When a call to swapNode is issued on an node within a document that has two body nodes, Internet Explorer frees an attribute field for one of the body nodes and then later re-uses the freed field during the node swap. This behavior could result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-2000
MD5 | 7b9e423b62ef2ada8de046c8de5f1b78
Zero Day Initiative Advisory 11-288
Posted Oct 15, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. When parsing one of the operands of a method, the application will pass the argument straight to a method that will use the variant as an index. Due to bypassing the argument check, an aggressor can set the index to point to data outside the bounds of the array. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-1999
MD5 | d6582e8b95f499fb1939f063cd18ed1e
Zero Day Initiative Advisory 11-287
Posted Oct 15, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-1996
MD5 | b5ebec42ff3db215b08593562b8736bb
iDefense Security Advisory 10.11.11 - Internet Explorer
Posted Oct 13, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.11.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a Javascript event handler such as "onload" is set to a Javascript object's attributes or childNodes collection. A event object is created and this object's memory is later freed; however, a reference to the object remains. When the reference is later used to access the event object, this now-invalid memory is treated as a valid object. The corrupt object's vtable is used to make an indirect function call. This may result in the execution of arbitrary code. Microsoft Internet Explorer 6 is vulnerable.

tags | advisory, remote, arbitrary, javascript
advisories | CVE-2011-1997
MD5 | 69bdd7c16951f46f6e1c6d5c3c18631e
Secunia Security Advisory 46400
Posted Oct 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 16a3a4bbb2a33e490cae2cd6f65cc1ca
Page 1 of 4
Back1234Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close