|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION||TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 13042. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within specific manipulations of styles to allow for a CElement to dispose of a CTreeNode. While unwinding the stack, CElement::ComputeFormats can use the freed memory resulting in a use-after-free condition. An attacker can leverage this situation to execute code under the context of the user running the browser.
Microsoft has issued an update to correct this vulnerability. More details can be found at: