Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Internet Explorer memory corruption
updated since 19.09.2012
Published:25.10.2012
Source:
SecurityVulns ID:12594
Type:client
Threat Level:
9/10
Description:Use-after-free vulnereability is actively used in-the-wild to install malware.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-4969 (Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.)
 CVE-2012-2557 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability.")
 CVE-2012-2548 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability.")
 CVE-2012-2546 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability.")
 CVE-2012-1529 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability.")
Original documentdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "scrollIntoView" Use-After-Free Vulnerability (MS12-063) (25.10.2012)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "OnMove" Use-After-Free Vulnerability (MS12-063) (25.10.2012)
 documentCERT, US-CERT Alert TA12-265A - Microsoft Releases Patch for Internet Explorer Exploit (24.09.2012)
 documentCERT, US-CERT Alert TA12-262A - Microsoft Security Advisory for Internet Explorer Exploit (19.09.2012)
Files:Microsoft Security Advisory (2757760)
 Microsoft Security Bulletin MS12-063 - Critical Cumulative Security Update for Internet Explorer (2744842)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod