A vulnerability in Internet Explorer can create a use-after-free condition that may be exploited to gain arbitrary remote code execution in the context of the currently logged-on user. When rendering an HTML page, Internet Explorer improperly frees a CMshtmlEd object; during execution of the CMshtmlEd::Exec() function, the already freed object is used again, creating a use-after-free scenario. This may be exploited with a heap spray, which allows an attacker to position a malicious payload for execution.
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
Remote Code Execution
Exploitation of this vulnerability is possible through methods such as drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged-on user.
BeyondTrust Prevention and Detection:
Blink Endpoint Protection mitigates this attack.
- 17089 – Microsoft Internet Explorer CMshtmlEd::Exec() Code Execution (Zero-Day)
Do not use Internet Explorer 6, 7, 8, or 9. Leverage EMET 3.0, which is available from Microsoft. Use the Fix it solution provided by Microsoft.
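To act on the first mitigation, an inventory check can report which hosts still run an affected Internet Explorer version. The PowerShell below is an added example, not part of the original advisory or any vendor tooling; the function names `Get-IEMajorVersion` and `Get-IEExposure` are hypothetical, the sample version strings are constructed, and remote hosts are assumed to have PowerShell remoting enabled.

```powershell
# Added example (not from the advisory): report whether the installed
# Internet Explorer is one of the affected major versions (6, 7, 8, 9).
function Get-IEMajorVersion {
    param([string]$Version, [string]$SvcVersion)
    # IE 10 and later leave a 9.x string in "Version" for compatibility and
    # put the real version in "svcVersion", so svcVersion wins when present.
    $effective = $Version
    if ($SvcVersion) { $effective = $SvcVersion }
    if ($effective -notmatch '^(\d+)\.') { return $null }
    return [int]$Matches[1]
}

function Get-IEExposure {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    $read = {
        $key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # Emit plain strings so the result survives remoting serialization.
        [pscustomobject]@{
            Version    = [string]$p.Version
            SvcVersion = [string]$p.svcVersion
        }
    }
    foreach ($name in $ComputerName) {
        if ($name -eq $env:COMPUTERNAME) {
            $raw = & $read
        } else {
            $raw = Invoke-Command -ComputerName $name -ScriptBlock $read
        }
        $major = Get-IEMajorVersion -Version $raw.Version -SvcVersion $raw.SvcVersion
        $shown = $raw.Version
        if ($raw.SvcVersion) { $shown = $raw.SvcVersion }
        [pscustomobject]@{
            ComputerName = $name
            Version      = $shown
            Major        = $major
            # Affected range taken from the version list in this advisory.
            Affected     = ($null -ne $major) -and ($major -ge 6) -and ($major -le 9)
        }
    }
}

# Constructed sample values: the second call exercises the IE 10+ layout,
# where "Version" alone would wrongly read as a 9.x install.
Get-IEMajorVersion -Version '9.0.8112.16421'
Get-IEMajorVersion -Version '9.11.9600.16428' -SvcVersion '11.0.9600.16428'

Get-IEExposure | Format-Table -AutoSize
```

Pass a list of host names to `-ComputerName` to survey more than the local machine; hosts reported with `Affected` set to `True` are the ones that need the Fix it, EMET, or a browser change.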
- Original Advisory
- Microsoft Advisory
- Microsoft Fix it
- Microsoft Bulletin
- Additional Analysis
- Metasploit Module