7.6

CVE-2012-0168

Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version6
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
MicrosoftInternet Explorer Version7
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
MicrosoftInternet Explorer Version8
   MicrosoftWindows 7 Version-
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Server 2008 Versionr2
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
MicrosoftInternet Explorer Version9
   MicrosoftWindows 7 Version-
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Server 2008 Versionr2
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Vista Version- Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.31% 0.969
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://osvdb.org/81126
Broken Link
http://www.securitytracker.com/id?1026901
Third Party Advisory
Broken Link
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/74379
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15577
Tool Signature