A specially crafted web-page can trigger a use-after-free vulnerability in Microsoft Internet Explorer 9. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability.
Microsoft Internet Explorer 9
An attacker would need to get a target user to open a specially crafted web-page. Disabling JavaScript should prevent an attacker from triggering the vulnerable code path.
This bug was found back when I had very little knowledge and tools to do analysis on use-after-free bugs, so I have no details to share. ZDI revealed that this was a use-after-free vulnerability in their advisory. I have included a number of reports created using a predecessor of BugId below.
Repro.This report was generated using a predecessor of BugId, a Python script created to detect, analyze and id application bugs. Don't waste time manually analyzing issues and writing reports but try BugId out yourself today! You'll get even better reports than this one with the current version.id: MSHTML.dll!CView:: EnsureSize Arbitrary AVR(291A3D35) description: Security: Attempt to read from unallocated arbitrary memory (@0x0B2FEFE8) in MSHTML. dll!CView:: EnsureSize note: Based on this information, this is expected to be a security issue! application: MSIE 9. 00. 8112. 16421