Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4969

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-4969
Last Modified 02 Nov 2013 11:27:42
Published 18 Sep 2012 06:39:14
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4969

Summary

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

Vulnerable Systems

Application

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7

  • Microsoft Internet Explorer 8

  • Microsoft Internet Explorer 9


References

MISC - http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild

CONFIRM - http://technet.microsoft.com/security/advisory/2757760

MISC - http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/

MISC - http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb

MISC - http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/

CERT - TA12-265A

CERT - TA12-262A

CERT-VN - VU#480095

SECTRACK - 1027538

CERT - TA12-255A

Related Patches

MS 2757760 Workaround for Vulnerability in Internet Explorer (Enabled) (See Notes)

MS 2757760 Workaround for Vulnerability in Internet Explorer (Disabled) (See Notes)

MS12-063 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 9 for Windows 7 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows 7 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 8 for Windows Vista x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 9 for Windows Vista x64 (KB2744842)

MS12-063 Cumulative Security Update for Internet Explorer 7 for Windows Vista x64 (KB2744842)


Last Updated: 27 May 2016 11:00:44