QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1345

Published: Mar 10, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_CERT

http://twitter.com/msftsecresponse/statuses/45646985998516224

x_refsource_MISC

http://twitter.com/aaronportnoy/statuses/45642180118855680

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_MS

http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011

x_refsource_MISC

http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own

x_refsource_MISC

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:12228

vdb-entry

signature

x_refsource_OVAL

https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011

x_refsource_MISC

ms-ie-unspec-code-exec(66062)

vdb-entry

x_refsource_XF

http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.