CVE-2011-0346

high Microsoft
CVSS v3 Base Score
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
60.7%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: January 7, 2011 (5606 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD

Description

Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."

CWE

CWE-399

Affected Products

microsoft internet explorer

References

🔗 archives.neohapsis.com 🔗 blogs.technet.com 🔗 lcamtuf.blogspot.com 🔗 lcamtuf.coredump.cx 🔗 lcamtuf.coredump.cx