CVE-2012-4969

Warning

EPSS 92.69%
Published 18.09.2012 10:39:14
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

Affected products Warnungen 1 Metrics 4 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version6

Microsoft ≫ Internet Explorer Version7

   Microsoft ≫ Windows Server Version2003 Updatesp2
   Microsoft ≫ Windows Server Version2003 Updatesp2 HwPlatformitanium
   Microsoft ≫ Windows Server Version2003 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Server Version2008 Updatesp2
   Microsoft ≫ Windows Server Version2008 Updatesp2 HwPlatformitanium
   Microsoft ≫ Windows Server Version2008 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Vista Updatesp2
   Microsoft ≫ Windows Vista Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Vista Version- Updatesp2
   Microsoft ≫ Windows Xp Updatesp3
   Microsoft ≫ Windows Xp Version- Updatesp2 HwPlatformx64

Microsoft ≫ Internet Explorer Version8

   Microsoft ≫ Windows 7 HwPlatformx64
   Microsoft ≫ Windows 7 Editionx64
   Microsoft ≫ Windows 7 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows 7 Version- Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server Version2003 Updatesp2
   Microsoft ≫ Windows Server Version2003 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Server Version2008 Updatesp2
   Microsoft ≫ Windows Server Version2008 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformitanium
   Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformx64
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Vista Updatesp2
   Microsoft ≫ Windows Vista Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Vista Version- Updatesp2
   Microsoft ≫ Windows Xp Updatesp3
   Microsoft ≫ Windows Xp Version- Updatesp2 HwPlatformx64

Microsoft ≫ Internet Explorer Version9

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows 7 HwPlatformx64
   Microsoft ≫ Windows 7 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows 7 Updatesp1 HwPlatformx86
   Microsoft ≫ Windows 7 Version- Update- HwPlatformx64
   Microsoft ≫ Windows 7 Version- Updatesp1 HwPlatformx64
   Microsoft ≫ Windows 7 Version- Updatesp1 HwPlatformx86
   Microsoft ≫ Windows Server 2008 Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Server 2008 Version- Updatesp2
   Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformx64
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Vista Updatesp2 HwPlatformx64
   Microsoft ≫ Windows Vista Versionsp2

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Internet Explorer Use-After-Free Vulnerability

Vulnerability

Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	92.69%	0.997

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://www.us-cert.gov/cas/techalerts/TA12-255A.html

Third Party Advisory

US Government Resource

http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/

Broken Link

http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb

Broken Link

http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/

Third Party Advisory

http://technet.microsoft.com/security/advisory/2757760

Patch

Vendor Advisory