CVE-2011-1346
published 2011-03-10CVE-2011-1346: Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated…
PriorityP356critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
26.17%
97.7th percentile
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
arXiv
Detile: Fine-Grained Information Leak Detection in Script Engines
arxiv_fulltext·2020-07-06
Detile: Fine-Grained Information Leak Detection in Script Engines
Robert Gawlik, Philipp Koppe, Benjamin Kollenda,
Andre Pawlowski, Behrad Garmany Thorsten Holz
## Abstract
Memory disclosure attacks play an important role in the
exploitation of memory corruption vulnerabilities. By analyzing recent
research, we observe that bypasses of defensive solutions that enforce control-flow
integrity or attempt to detect return-oriented programming require memory
disclosure attacks as a fundamental first step.
However, research lags behind in detecting such information leaks.
In this paper, we tackle this problem and present a system for fine-grained,
automated detection of memory disclosure attacks against scripting engines.
The basic insight is as follows: scripting languages, such as
JavaScript in web browsers, are strictly sandboxed. They must not provide a
arXiv
Static Detection of Uninitialized Stack Variables in Binary Code
arxiv_fulltext·2020-07-05
Static Detection of Uninitialized Stack Variables in Binary Code
Static Detection of Uninitialized Stack Variables in Binary Code
Static Detection of Uninitialized Stack Variables in Binary Code
Behrad Garmany
Martin Stoffel
Robert Gawlik
Thorsten Holz
Garmany et al.
Horst Görtz Institute for IT-Security (HGI)
Ruhr-Universität Bochum, Germany
\firstname.lastname\@rub.de
## Abstract
More than two decades after the first stack smashing attacks, memory
corruption vulnerabilities utilizing stack anomalies are still prevalent and
play an important role in practice. Among such vulnerabilities, uninitialized
variables play an exceptional role due to their unpleasant property of
unpredictability: as compilers are tailored to operate fast, costly
interprocedural analysis procedures are not used in practice to detect such
vulnerabilities. As a result, comple
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011http://twitter.com/aaronportnoy/statuses/45642180118855680http://twitter.com/msftsecresponse/statuses/45646985998516224http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Ownhttp://www.securityfocus.com/bid/46821http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367https://exchange.xforce.ibmcloud.com/vulnerabilities/66063https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011http://twitter.com/aaronportnoy/statuses/45642180118855680http://twitter.com/msftsecresponse/statuses/45646985998516224http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Ownhttp://www.securityfocus.com/bid/46821http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367https://exchange.xforce.ibmcloud.com/vulnerabilities/66063https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011
2011-03-10
Published