CVE-2012-4969

Warnung

EPSS 92.69%
Veröffentlicht 18.09.2012 10:39:14
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version6

Microsoft ≫ Internet Explorer Version7

   Microsoft ≫ Windows Server Version2003 Updatesp2
   Microsoft ≫ Windows Server Version2003 Updatesp2 HwPlatformitanium
   Microsoft ≫ Windows Server Version2003 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Server Version2008 Updatesp2
   Microsoft ≫ Windows Server Version2008 Updatesp2 HwPlatformitanium
   Microsoft ≫ Windows Server Version2008 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Vista Updatesp2
   Microsoft ≫ Windows Vista Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Vista Version- Updatesp2
   Microsoft ≫ Windows Xp Updatesp3
   Microsoft ≫ Windows Xp Version- Updatesp2 HwPlatformx64

Microsoft ≫ Internet Explorer Version8

   Microsoft ≫ Windows 7 HwPlatformx64
   Microsoft ≫ Windows 7 Editionx64
   Microsoft ≫ Windows 7 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows 7 Version- Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server Version2003 Updatesp2
   Microsoft ≫ Windows Server Version2003 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Server Version2008 Updatesp2
   Microsoft ≫ Windows Server Version2008 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformitanium
   Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformx64
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Vista Updatesp2
   Microsoft ≫ Windows Vista Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Vista Version- Updatesp2
   Microsoft ≫ Windows Xp Updatesp3
   Microsoft ≫ Windows Xp Version- Updatesp2 HwPlatformx64

Microsoft ≫ Internet Explorer Version9

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows 7 HwPlatformx64
   Microsoft ≫ Windows 7 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows 7 Updatesp1 HwPlatformx86
   Microsoft ≫ Windows 7 Version- Update- HwPlatformx64
   Microsoft ≫ Windows 7 Version- Updatesp1 HwPlatformx64
   Microsoft ≫ Windows 7 Version- Updatesp1 HwPlatformx86
   Microsoft ≫ Windows Server 2008 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Server 2008 Version- Updatesp2
   Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformx64
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Vista Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Vista Versionsp2

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Internet Explorer Use-After-Free Vulnerability

Schwachstelle

Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	92.69%	0.997

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://www.us-cert.gov/cas/techalerts/TA12-255A.html

Third Party Advisory

US Government Resource

http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/

Broken Link

http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb

Broken Link

http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/

Third Party Advisory

http://technet.microsoft.com/security/advisory/2757760

Patch

Vendor Advisory