CVE-2011-1260

Microsoft Internet Explorer - Memory Corruption

Title source: rule

Description

Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17409

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by d0c_s4vage, sinn3r, bannedit · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12308

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050

[Third Party Advisory] http://securityreason.com/securityalert/8275

Scores

EPSS 0.8175

EPSS Percentile 99.2%

Details

CWE

CWE-119

Status published

Products (2)

microsoft/internet_explorer 8

microsoft/internet_explorer 9

Published Jun 16, 2011

Tracked Since Feb 18, 2026