Microsoft Internet Explorer display:run-in Use-After-Free Vulnerability (December 11,2014)


A use-after-free remote code execution vulnerability CVE-2014-8967 has be found in Microsoft Internet Explorer. This vulnerability is related to CHeaderElement an HTML element. Due to improper handling of CElement objects an attacker can cause the object’s reference count to fall to zero prematurely, causing the object to be freed. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page with a display:run-in CSS style. The attacker can leverage this vulnerability to execute code under the context of the current process.

Microsoft had not released a patch for this vulnerability as of today December 11,2014.Dell SonicWALL Threat Research Team has researched this vulnerability and released the following IPS signature to protect their customers.

  • IPS 6108:Microsoft Internet Explorer HTML Use After Free 6
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.