Lucene search

[email protected]CVE-2012-4969

HistorySep 18, 2012 - 10:39 a.m.

CVE-2012-4969

2012-09-1810:39:14

[email protected]

web.nvd.nist.gov

936

In Wild

cve-2012-4969

use-after-free

vulnerability

cmshtmled::exec

mshtml.dll

microsoft internet explorer

remote attackers

arbitrary code

web site

exploit

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.821 High

EPSS

Percentile

98.4%

JSON

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

Affected configurations

NVD

Node

microsoftinternet_explorerMatch6

AND

microsoftwindows_serverMatch2003sp2

microsoftwindows_serverMatch2003sp2itanium

microsoftwindows_serverMatch2003sp2x64

microsoftwindows_xpsp2professionalx64

microsoftwindows_xpsp3

Node

microsoftinternet_explorerMatch7

AND

microsoftwindows_serverMatch2003sp2

microsoftwindows_serverMatch2003sp2itanium

microsoftwindows_serverMatch2003sp2x64

microsoftwindows_serverMatch2008sp2

microsoftwindows_serverMatch2008sp2itanium

microsoftwindows_serverMatch2008sp2x64

microsoftwindows_vistasp2

microsoftwindows_vistasp2x64

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoftinternet_explorerMatch8

AND

microsoftwindows_7x64

microsoftwindows_7sp1x64

microsoftwindows_7Match-sp1x64

microsoftwindows_serverMatch2003sp2

microsoftwindows_serverMatch2003sp2x64

microsoftwindows_serverMatch2008sp2

microsoftwindows_serverMatch2008sp2x64

microsoftwindows_server_2008Matchr2itanium

microsoftwindows_server_2008Matchr2x64

microsoftwindows_server_2008Matchr2sp1itanium

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_vistasp2

microsoftwindows_vistasp2x64

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoftinternet_explorerMatch9

AND

microsoftwindows_7

microsoftwindows_7x64

microsoftwindows_7sp1x64

microsoftwindows_7sp1x86

microsoftwindows_7Match--x64

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2x64

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_vistasp2x64

microsoftwindows_vistaMatchsp2

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq6

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	6

References

blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/

dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb

eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/

technet.microsoft.com/security/advisory/2757760

www.kb.cert.org/vuls/id/480095

www.securitytracker.com/id?1027538

www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild

www.us-cert.gov/cas/techalerts/TA12-255A.html

www.us-cert.gov/cas/techalerts/TA12-262A.html

www.us-cert.gov/cas/techalerts/TA12-265A.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15729

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.821 High

EPSS

Percentile

98.4%

JSON

Related for CVE-2012-4969

nessus2 canvas1 saint4 cert1 threatpost6 prion1 thn7 cvelist1 attackerkb3 checkpoint_advisories1 cisa_kev1 cisa1 nvd1 zdi1 securityvulns1 openvas2 mskb1