A specially crafted web-page can cause an unknown type of memory corruption in Microsoft Internet Explorer 8. This vulnerability can cause the Ptls5::LsFindSpanVisualBoundaries method (or other methods called by it) to access arbitrary memory.
Known affected software, attack vectors and mitigations
Microsoft Internet Explorer 8
The memory corruption causes the Ptls5::LsFindSpanVisualBoundaries method to access data at seemingly random addresses. However, these addresses appear to always be in the same range as valid heap addresses, even if they are often not DWORD aligned. The reason for the memory corruption is not immediately obvious.
July 2014: This vulnerability was found through fuzzing.
November 2016: Details of this issue are released.