Microsoft Internet Explorer 8
Recompiling the regular expression pattern during a replace can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size, as explained by Alexander Sotirov in his Heap Feng-Shui presentation.
Exploitation was not investigated.
|Description:||Access violation while reading freed memory at 0x9A15E68|
|Security impact:||Potentially exploitable security issue|