Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » KB2794220

Overview

Id KB2794220
Name MS 2794220 Workaround for Vulnerability in Internet Explorer (Enabled) (See Notes)
Vendor Name microsoft
Product Windows 2K3SP1,Windows 2K3SP2,Windows 2K8SP1,Windows 2K8SP2,Windows 2KSP4,Windows VISTASP0,Windows VISTASP1,Windows VISTASP2,Windows 7SP0,Windows 7SP1,Windows XPSP2,Windows XPSP3
Content Type Recommended Recommended
Language(s) ENGLISH 
Operating System(s) Windows 
Released On 31 Dec 2012 12:00:00

KB2794220

MS 2794220 Workaround for Vulnerability in Internet Explorer (Enabled) (See Notes)

Vendor Name

microsoft

Product

Windows 2K3SP1,Windows 2K3SP2,Windows 2K8SP1,Windows 2K8SP2,Windows 2KSP4,Windows VISTASP0,Windows VISTASP1,Windows VISTASP2,Windows 7SP0,Windows 7SP1,Windows XPSP2,Windows XPSP3

Released On

31 Dec 2012 12:00:00

Url

http://support.microsoft.com/kb/2794220

Description

Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Important Notes:

  • Review the details in the KB article BEFORE using this workaround.
  • This Fix it solution is not intended to be a replacement for any security update. It is recommended that you always install the latest security updates. However, this Fix it solution is offered as a workaround option for some scenarios.
  • This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice.
  • Before applying this workaround, users should apply the latest Microsoft security updates.
  • Deployment for Install will enable the "MSHTML Shim Workaround" that prevents exploitation of this issue by running Microsoft Fix it 50971.
  • Deployment for Uninstall will disable the "MSHTML Shim Workaround" by running Microsoft Fix it 50972.
  • Related Resources

    Related Vulnerabilities

    CVE-2012-4792  

    Related Patches

    Superseded Patches

    None


    Last Updated: 27 May 2016 11:15:58