This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. The flaw exists within the Tabular Data Control ActiveX module, if provided a malicious DataURL parameter a stack corruption may occur in the function CTDCCtl::SecurityCHeckDataURL. This module runs a web server waiting for vulnerable clients (Internet Explorer 6) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in Microsoft Internet Explorer when handling a specially crafted STYLE HTML tag when accessed via the document.getElementsByTagName JavaScript function. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Use-after-free vulnerability in Microsoft Internet Explorer where a CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a use after free in Internet Explorer by using a SetMouseCapture vulnerability in MSHTML. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a Use-After-Free vulnerability on Internet Explorer 7. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a Use-After-Free vulnerability on Internet Explorer 6 and 7. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a use-after-free vulnerability in the MSHTML component in Internet Explorer. The specific error occurs due to the way Internet Explorer handles objects in memory. It is possible to use a pointer in CTableRowCellsCollectionCacheItem::GetNext after it gets freed and get remote code execution. This vulnerability was one of the 2012's Pwn2Own challenges.
Microsoft Internet Explorer 8 is prone to a heap overflow vulnerability caused by an incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by javascript code. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
A use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.