Security Advisory
  • Internet Explorer iepeers.dll Use-After-Free Vulnerability Reported Date: 13-03-10
Exploit Code: http://triviasecurity.net/exploits/Microsoft-Internet-Explorer-iepeers.dll-use-after-free-exploit-for-the-Metasploit-Framework/1872
Rated Level: Critical
Impact: System Access,Remotely Exploitable
Affected Software: Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Description: A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error in iepeers.dll when handling invalid values passed to the "setAttribute()" function. This can be exploited to dereference invalid memory when a specially crafted web page using the "#default#userData" behavior is accessed.

Successful exploitation allows execution of arbitrary code.


Solution: Do not visit untrusted sites.
Original Advisory: http://www.microsoft.com/technet/security/advisory/981374.mspx
Feedback: If you have additional information or corrections for this security advisory please contact us at advisory(at)triviasecurity.org

Security Advisories by Month (2010)
Jul (3) Apr (5) Mar (3) Jan (8)
TS Promotion
TS Community Forums
Latest Exploit Codes
TS Information
About Trivia Security
Frequently Asked Questions
TS Announcements
Terms of service
Site Map
Search
Security
Phishing Scams
Advisories
Exploits
News & Headlines
xss playground
Web Proxy
Proxy List
War Games
TS Encryption
InfoSec Library
Latest Library Articles
Video Library
Top Articles
Browse Library
Soft-Tools
Latest Tools
Top Downloads
Browse Tools Archive
Forums
Login
Register
Search
Latest Topics
Links
Affiliates
TS Top Sites
Recomended Sites