(The fix and CVE number for this issue are not known)
A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability.
Microsoft Internet Explorer 9
This bug was found back when I had very little knowledge and tools to do analysis on use-after-free bugs, so I have no details to share. In addition, EIP said they were already aware of the bug and provided no details, this issue appears to have been fixed before ZDI was able to look at it. I have included a number of reports created using a predecessor of BugId below.Repro.
I would like to note that although ZDI did not acquire the vulnerability as it was patched before they could finish analysis, they did offer me ZDI reward points as a courtesy.BugId report: Arbitrary AVR@MSHTML.
This report was generated using a predecessor of BugId, a Python script created to detect, analyze and id application bugs. Don't waste time manually analyzing issues and writing reports but try BugId out yourself today! You'll get even better reports than this one with the current version.id: Arbitrary AVR@MSHTML.
dll!CElement:: HasFlag(Zn8v) description: Security: Attempt to read from unallocated arbitrary memory (@0xDCBABBDA) in MSHTML. dll!CElement:: HasFlag note: Based on this information, this is expected to be a security issue! application: MSIE 9. 00. 8112. 16421