Immunity, Inc.
Name ie_mshtml_doublefree
CVE CVE-2021-26411
Exploit Pack CANVAS
Description ie_mshtml_doublefree
Notes
CVE Name: CVE-2021-26411
VENDOR: Microsoft
NOTES: This exploit targets a double-free in ie9_removeAttributeNodeInternal.
The function first finds two indices for the node entry in the attribute
array. The use-after-free occurs because there is a user-controlled
callback between calculating the indices and using them.
The backing store buffer can be changed during this callback and the code
doesn't verify that the index is still valid.

IMPORTANT: In the current version of the exploit, the exit_redirect
functionality is not working during the initial compromise.

Versions Affected: Affects all Internet Explorer versions from 11.0 up to and including 11.630.19041.0
Repeatability: Infinite
References:
- https://enki.co.kr/blog/2021/02/04/ie_0day.html
- https://iamelli0t.github.io/2021/03/12/CVE-2021-26411.html

CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26411
Date public: 04/02/2021
CVSS: N/A
