Vulnerability Name: CVE-2011-0346 (CCN-64482) Assigned: 2011-01-01 Published: 2011-01-01 Updated: 2021-07-23 Summary: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-399 Vulnerability Consequences: Gain Access References: Source: FULLDISC20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx CVE-2011-0346 Announcing cross_fuzz, a potential 0-day in circulation, and more http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt Microsoft Internet Explorer Multiple Vulnerabilities Microsoft Internet Explorer Use-After-Free in 'mshtml.dll' May Let Remote Users Execute Arbitrary Code Cumulative Security Update for Internet Explorer (2618444) Cumulative Security Update for Internet Explorer (2647516) Cumulative Security Update for Internet Explorer (2675157) Cumulative Security Update for Internet Explorer (2699988) Cumulative Security Update for Internet Explorer (2719177) Cumulative Security Update for Internet Explorer (2722913) Microsoft Internet Explorer 8 use-after-free vulnerability VU#427980 Cumulative Security Update for Internet Explorer (2497640) Cumulative Security Update for Internet Explorer (2530548) Cumulative Security Update for Internet Explorer (2559049) Cumulative Security Update for Internet Explorer (2586448) Internet Explorer 20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more 45639 Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability 1024940 TA11-102A ADV-2011-0026 MS11-018 ms-ie-releaseinterface-code-execution(64482) ms-ie-releaseinterface-code-execution(64482) oval:org.mitre.oval:def:11882 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:* Configuration 3 :cpe:/a:microsoft:internet_explorer:8:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:ie:8.0:*:*:*:*:*:*:* Oval Definitions BACK
microsoft internet explorer 6
microsoft windows 2003 server * sp2
microsoft windows xp * sp3
microsoft windows xp - sp2
microsoft windows server 2003 * sp2
microsoft windows 2003 server * sp2
microsoft internet explorer 7
microsoft windows server 2003 * sp2
microsoft windows 2003 server * sp2
microsoft windows server 2008 * sp2
microsoft windows server 2008 *
microsoft windows xp * sp3
microsoft windows vista - sp2
microsoft windows vista * sp2
microsoft windows server 2008 - sp2
microsoft windows xp - sp2
microsoft windows 2003 server * sp2
microsoft windows vista * sp1
microsoft windows vista * sp2
microsoft windows server 2008 *
microsoft windows vista - sp1
microsoft windows server 2008 * sp2
microsoft windows vista * sp1
microsoft windows server 2008 *
microsoft internet explorer 8
microsoft windows xp * sp3
microsoft windows vista * sp1
microsoft windows vista * sp2
microsoft windows 7 *
microsoft windows 2003 server * sp2
microsoft windows vista * sp1
microsoft windows server 2008 *
microsoft windows server 2008 * sp2
microsoft windows vista - sp1
microsoft windows vista * sp2
microsoft windows server 2008 *
microsoft windows server 2008 * sp2
microsoft windows server 2008 - sp2
microsoft windows server 2008 * r2
microsoft windows xp - sp2
microsoft windows 7 -
microsoft windows server 2008 *
microsoft windows server 2008 * r2
microsoft windows server 2003 * sp2
microsoft ie 6.0
microsoft ie 7.0
microsoft ie 8.0
Denotes that component is vulnerable