9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.916 High
EPSS
Percentile
98.9%
Added: 01/04/2013
CVE: CVE-2012-4792
BID: 57070
OSVDB: 88774
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
All references to DOM button objects are not properly removed when a DOM buttom object is deleted. If the stale references are used, an attempt to access unallocated memory may occur. This results in a use-after-free vulnerability.
Apply the appropriate update referenced in Microsoft Security Bulletin MS13-008.
<http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx>
<https://threatpost.com/en_us/blogs/council-foreign-relations-website-hit-watering-hole-attack-ie-zero-day-exploit-122912>
<http://technet.microsoft.com/en-us/security/advisory/2794220>
This exploit has been tested against Microsoft Internet Explorer 8 running on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).
Windows