CVE-2011-1345

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
References
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
http://twitter.com/aaronportnoy/statuses/45642180118855680
http://twitter.com/msftsecresponse/statuses/45646985998516224
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
http://www.securityfocus.com/bid/46821
http://www.securitytracker.com/id?1025327
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
https://exchange.xforce.ibmcloud.com/vulnerabilities/66062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228
https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
http://twitter.com/aaronportnoy/statuses/45642180118855680
http://twitter.com/msftsecresponse/statuses/45646985998516224
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
http://www.securityfocus.com/bid/46821
http://www.securitytracker.com/id?1025327
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
https://exchange.xforce.ibmcloud.com/vulnerabilities/66062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228
https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011