d0c_s4vage

4 exploits Active since Dec 2010
CVE-2010-3971 METASPLOIT ruby WORKING POC
Internet Explorer 6-8 - Use-After-Free in CSS Parser via Self-Referential @import Rule
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
CVE-2011-1260 METASPLOIT ruby WORKING POC
Microsoft Internet Explorer 8 and 9 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
CVE-2010-3971 EXPLOITDB ruby WORKING POC
Internet Explorer 6-8 - Use-After-Free in CSS Parser via Self-Referential @import Rule
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
CVE-2011-1260 EXPLOITDB ruby WORKING POC
Microsoft Internet Explorer 8 and 9 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."