VDB
CVE-2011-0346
CVE-2011-0346
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
EPSS 60.68% · 98.3th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
60.68%
98.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | internet_explorer | 6, 8, 7 |
| n/a | n/a | n/a |
| microsoft | internet_explorer | 6, 7, 8 |
Timeline
- Jan 7, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 16, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- ADV-2011-0026 vdb
- TA11-102A third-party-advisory
- http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html url
- http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx url
- oval:org.mitre.oval:def:11882 vdb
- ms-ie-releaseinterface-code-execution(64482) vdb
- 45639 vdb
- MS11-018 vendor-advisory
- 20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more mailing-list
- 20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more mailing-list
- http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt url
- 1024940 vdb
- http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt url
- VU#427980 third-party-advisory
- http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt url
- https://nvd.nist.gov/vuln/detail/CVE-2011-0346 advisory