A specially crafted web-page can cause Microsoft Internet Explorer 10 to continue to use an object after freeing the memory used to store the object. An attacker might be able to exploit this issue to execute arbitrary code.
Microsoft Internet Explorer 10
An attacker would need to get a target user to open a specially crafted web-page. Disabling JavaScript should prevent an attacker from triggering the vulnerable code path.
The last line of script (designMode = "off") will cause some cleanup in MSIE, which appears to trigger use of a stale pointer in CEditAdorner::. I did not investigate further.
This report was generated using a predecessor of BugId, a Python script created to detect, analyze and id application bugs. Don't waste time manually analyzing issues and writing reports but try BugId out yourself today! You'll get even better reports than this one with the current version.

BugId report:
id: MSHTML.dll!CControlTracker::IsSelected Arbitrary AVR(7FDF0051)
description: Security: Attempt to read from unallocated arbitrary memory (@0x1375502C) in MSHTML.dll!CControlTracker::IsSelected
note: Based on this information, this is expected to be a security issue!
application: MSIE 10.00.9200.16384 en-GB

BugId report:
id: MSHTML.dll!CEditAdorner::Detach Arbitrary AVR(96CC369A)
description: Security: Attempt to read from unallocated arbitrary memory (@0x1343CFC0) in MSHTML.dll!CEditAdorner::Detach
note: Based on this information, this is expected to be a security issue!
application: MSIE 10.00.9200.16384 en-GB

BugId report:
id: MSHTML.dll!CSelectedControlAdorner::DrawToSurface Arbitrary AVR(C5FD1801)
description: Security: Attempt to read from unallocated arbitrary memory (@0x138E6F34) in MSHTML.dll!CSelectedControlAdorner::DrawToSurface
note: Based on this information, this is expected to be a security issue!
application: MSIE 10.00.9200.16384 en-GB