Microsoft Internet Explorer 6 contains a vulnerability when calculating timer ID's that could cause specific memory addresses (i.e. persistent memory locations) to be disclosed. If an attacker is able to combine knowledge of memory locations with a more critical vulnerability (e.g. one that could potentially allow code execution), then it could be further leveraged to bypass ASLR (Address Space Layout Randomization) protection.
Internet Explorer 6
Remote Code Execution
Remote disclosure of information This client-side vulnerability could allow an attacker to gain information about persistent memory addresses, which could be used alongside other exploits to compromise a system. By itself, the vulnerability is not very potent, but when combined with other vulnerabilities, it could have a much higher impact.
BeyondTrust Prevention and Detection:
- BeyondTrust's Blink® Professional Edition protects from this vulnerability.
- BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- Retina Audit 13156 - Microsoft Internet Explorer 6 Memory Address Disclosure (Zero-Day)