CVE-2011-0346 — Use After Free in Microsoft Internet Explorer

CWE-399 CWE-416 — Use After Free3 documents3 sources

Severity

8.1HIGHNVD

EPSS

60.7%

top 1.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedJan 7

Latest updateMay 13

Description

Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6, 7, 8+2

🔴Vulnerability Details

GHSA

GHSA-p9r7-8rjp-gmw3: Use-after-free vulnerability in the ReleaseInterface function in MSHTML↗2022-05-13

▶

📋Vendor Advisories

Red Hat

tomcat: World-readable log directory↗2013-02-22

▶