Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1345

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-1345
Last Modified 04 Oct 2011 10:53:27
Published 10 Mar 2011 03:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1345

Summary

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 8


References

CERT - TA11-102A

MISC - https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011

XF - ms-ie-unspec-code-exec(66062)

MISC - http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367

SECTRACK - 1025327

BID - 46821

MS - MS11-018

MISC - http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own

MISC - http://twitter.com/msftsecresponse/statuses/45646985998516224

MISC - http://twitter.com/aaronportnoy/statuses/45642180118855680

MISC - http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011


Last Updated: 27 May 2016 10:56:18