Home

CVE-2011-0346

Description

Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka MSHTML Memory Corruption Vulnerability.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
60.677

Associated Vulnerability

VulnerabilityOS Platform
Cumulative Security Update for Internet Explorer for Windows XP (KB2497640)Windows
Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2497640)Windows
Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2497640) x86 based systemsWindows
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2497640) x86 based systems for SP2Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2497640) x86 based systemsWindows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2497640) x86 based systems for SP2Windows
Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2497640) for SP2Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2497640) for SP2Windows
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2497640) x86 based systemsWindows
Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2497640) x86 based systems for SP1Windows
Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2497640) for SP1Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2497640)Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2497640) for SP1Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-9911Cumulative Security Update for Internet Explorer for Windows XP (KB2497640)
PATCH-9912Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2497640)
PATCH-9914Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2497640)
PATCH-9918Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2497640)
PATCH-9920Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2497640)
PATCH-9921Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2497640)
PATCH-9922Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2497640)
PATCH-9924Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2497640)
PATCH-9926Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2497640)
PATCH-9927Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)
PATCH-9928Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2497640)
PATCH-9929Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2497640)
PATCH-9930Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2497640)
PATCH-9931Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2497640)
PATCH-9932Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2497640)
PATCH-9933Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2497640)
PATCH-9934Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2497640)
PATCH-9935Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2497640)
PATCH-9936Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2497640)
PATCH-9937Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2497640)
PATCH-9938Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2497640)
PATCH-9939Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2497640)
PATCH-9940Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2497640)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234