A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to sanitize user-supplied input when an unspecified error occurs in the drag and drop feature resulting in memory corruption. This may allow an attacker to execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• CVE ID: 2011-1254 (see also: NVD)
• Microsoft Knowledge Base Article: 2530548
• Secunia Advisory ID: 44914
• Related OSVDB ID: 72942 72943 72944 72947 72948 72949 72950 72951 72952 72953
• Vendor Specific News/Changelog Entry: http://blogs.technet.com/b/msrc/archive/2011/06/14/autorun-related-malware-declines-and-the-june-2011-security-bulletin-release.aspx
• News Article: http://nakedsecurity.sophos.com/2011/06/14/patch-tuesday-june-2011-16-bulletins-9-critical/
  http://www.scmagazineus.com/patch-tuesday-sees-16-fixes/article/205290/
  http://www.thetechherald.com/article.php/201124/7275/Patch-Tuesday-Microsoft-hits-34-vulnerabilities-in-16-bulletins
• Microsoft Security Bulletin: MS11-050

• Nirmal Singh Bhary - Norman