|
Description
|
|
Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) A use-after-free error when handling CQuotes objects can be exploited to corrupt memory.
2) A use-after-free error when handling CSecurityContext objects can be exploited to corrupt memory.
3) A use-after-free error when handling the relation between two CSS stylesheets can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) A boundary error within the "CPtsTextParaclient::GetApeCorners()" function can be exploited to corrupt memory.
6) A use-after-free error when handling CElement objects can be exploited to corrupt memory.
7) A boundary error within the "GetReplacedUrlImgCtxCookie()" function can be exploited to corrupt memory.
8) A type confusion error when handling DOMStringMap objects can be exploited to corrupt memory.
9) A use-after-free error when handling CHeaderElement objects can be exploited to corrupt memory.
10) Another unspecified error can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities #1 through #10 allows execution of arbitrary code.
11) Two unspecified errors can be exploited to bypass certain security restrictions.
12) An unspecified error can be exploited to disclose certain cross-domain information.
13) Another unspecified error can be exploited to disclose certain cross-domain information.
14) Another unspecified error can be exploited to disclose certain cross-domain information.
15) An unspecified error can be exploited to disclose certain clipboard information.
16) An unspecified error can be exploited to bypass the Address Space Layout Randomization (ASLR) security feature.
|
