Vulnerability Details : CVE-2011-0346
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2011-0346
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0346
55.94%: Probability of exploitation activity in the next 30 days
~98%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0346
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-10-21 |
CWE ids for CVE-2011-0346
- Assigned by: nvd@nist.gov (Primary)
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2011-0346
- http://www.securityfocus.com/bid/45639
  Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
- http://www.us-cert.gov/cas/techalerts/TA11-102A.html
  Microsoft Updates for Multiple Vulnerabilities | CISA (US Government Resource)
- http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html
- http://www.securitytracker.com/id?1024940
  Microsoft Internet Explorer Use-After-Free in 'mshtml.dll' May Let Remote Users Execute Arbitrary Code - SecurityTracker
- http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html
  lcamtuf's blog: Announcing cross_fuzz, a potential 0-day in circulation, and more
- http://www.vupen.com/english/advisories/2011/0026
  Webmail | OVH- OVH (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64482
  Microsoft Internet Explorer ReleaseInterface() code execution CVE-2011-0346 Vulnerability Report
- http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt
- http://www.securityfocus.com/archive/1/515506/100/0/threaded
  SecurityFocus
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
  Microsoft Security Bulletin MS11-018 - Critical | Microsoft Docs
- http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt
- http://www.kb.cert.org/vuls/id/427980
  VU#427980 - Microsoft Internet Explorer 8 use-after-free vulnerability (US Government Resource)
- http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt
- http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
  Assessing the risk of public issues currently being tracked by the MSRC – Microsoft Security Response Center
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11882
  Repository / Oval Repository