CVE-2011-1345 Information

Description

Microsoft Internet Explorer 6 7 and 8 does not properly handle objects in memory which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011 aka \Object Management Memory Corruption Vulnerability.\

Reference

http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://twitter.com/aaronportnoy/statuses/45642180118855680 http://twitter.com/msftsecresponse/statuses/45646985998516224 http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own http://www.securityfocus.com/bid/46821 http://www.securitytracker.com/id?1025327 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018 https://exchange.xforce.ibmcloud.com/vulnerabilities/66062 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12228 https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011