CVE-2011-1260

Microsoft Internet Explorer 8 and 9 - Remote Code Execution via Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-1260. PoCs published by Metasploit, d0c_s4vage, sinn3r, bannedit, including Metasploit module exploits/windows/browser/ms11_050_mshtml_cobjectelement.

AI-analyzed exploit summary This Metasploit module exploits a use-after-free vulnerability in Internet Explorer (CVE-2011-1256) by manipulating invalid <object> tags and overlapping elements to trigger memory corruption, leading to arbitrary code execution.

Description

Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17409

View Code ZIP pw:eip

This Metasploit module exploits a use-after-free vulnerability in Internet Explorer (CVE-2011-1256) by manipulating invalid <object> tags and overlapping elements to trigger memory corruption, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Internet Explorer 7/8 on Windows XP SP3

No auth needed

Prerequisites: Victim must visit a malicious webpage · Target must be using a vulnerable version of Internet Explorer

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by d0c_s4vage, sinn3r, bannedit · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb

View Code ZIP pw:eip

This Metasploit module exploits a use-after-free vulnerability in Internet Explorer (CVE-2011-1260) by manipulating invalid <object> tags and overlapping elements to trigger memory corruption. It includes ROP chains for bypassing DEP on IE8 and targets multiple Windows/IE versions.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Internet Explorer 7/8 on Windows XP/Vista/7

No auth needed

Prerequisites: Java Runtime Environment (for IE8 DEP bypass) · Victim visits malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12308

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8275

Scores

EPSS 0.6085

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (2)

microsoft/internet_explorer 8

microsoft/internet_explorer 9

Published Jun 16, 2011

Tracked Since Feb 18, 2026