The vulnerability was firstly disclosed by VUPEN in January 22, 2011.
This issue was disclosed as part of the Pwn2Own 2011 contest.
Using this vulnerability Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win CanSecWest hacker challenge ($15,000 cash prize and a new Windows laptop) in March 9-11 in Vancouver, British Columbia.
The issue has been introduced in 03/05/2008.
Exploit:JS/CVE-2011-1345.
Vulnerability details
Advisory: SB2011012201 - Remote code execution in Microsoft Internet Explorer
Vulnerable component: Microsoft Internet Explorer
CVE-ID: CVE-2011-1345
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling onPropertyChange function calls. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
External links:
https://technet.microsoft.com/en-us/library/security/ms11-018
http://www.computerworld.com/article/2506697/cybercrime-hacking/safari--ie-hacked-first-at-pwn2own.h...
https://twitter.com/aaronportnoy/statuses/45642180118855680
http://www.zdnet.com/article/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/
https://archive.cert.uni-stuttgart.de/bugtraq/2011/04/msg00159.html
https://packetstormsecurity.com/files/100469/Microsoft-Internet-Explorer-Property-Change-Memory-Corr...