Internet Explorer CDispContainer Object Use-After-Free

XLAB ID: XLAB-15-013     

CVE ID: CVE-2015-6073     

Patch Status: Fixed

Vulnerability Details:
The vulnerability relates to how Internet Explorer processes CDispContainer objects. By manipulating a document’s elements, an attacker can force a CDispContainer object in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process.

Disclosure Timeline:

2015/07/28 Provided vulnerability details to Microsoft via
2015/07/29 Microsoft responded that they had opened case 30734 for the issue
2015/08/04 Microsoft responded that they had successfully reproduced the issue and had been working on a fix
2015/09/04 Microsoft responded that they had been working on a fix
2015/11/25 Queried Microsoft about investigation on the issue
2015/11/26 Microsoft responded that the issue had already been fixed with MS15-113 on November 10, and they had assigned CVE-2015-6073 to the issue

This vulnerability was discovered by:   Kai Kang