CVE-2011-1255

EXPLOITED

Microsoft Internet Explorer - Use of Uninitialized Resource

Title source: rule

Description

The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ciph3r · textremotewindows

https://www.exploit-db.com/exploits/20547

View Code ZIP pw:eip

References (4)

[Broken Link, Vendor Advisory] http://blogs.technet.com/b/srd/archive/2011/06/14/ms11-050-ie9-is-better.aspx

[Broken Link] http://osvdb.org/72947

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050

[Tool Signature] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12227

Scores

EPSS 0.5237

EPSS Percentile 97.9%

Details

VulnCheck KEV 2016-02-23

CWE

CWE-908

Status published

Products (3)

microsoft/internet_explorer 6

microsoft/internet_explorer 7

microsoft/internet_explorer 8

Published Jun 16, 2011

Tracked Since Feb 18, 2026