Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-12-199
HistoryDec 21, 2012 - 12:00 a.m.

Microsoft Internet Explorer execCommand Remote Code Execution Vulnerability

2012-12-2100:00:00
Anonymous
www.zerodayinitiative.com
30

0.821 High

EPSS

Percentile

98.4%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CCommand::Exec function. It is possible to free certain objects in a callback function called from the CCommand::Exec function. Upon return from this function a local variable is being re-used without check. This can lead to a use-after-free issue that can result in remote code execution under the context of the current process.

Related

nessus 2
canvas 1
saint 4
cert 1
threatpost 6
prion 1
attackerkb 3
checkpoint_advisories 1
cisa_kev 1
cve 1
thn 7
cvelist 1
cisa 1
nvd 1
securityvulns 1
openvas 2
mskb 1
nessus
nessus
MS KB2757760: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)
2012-09-19 00:00:00
MS12-063: Cumulative Security Update for Internet Explorer (2744842)
2012-09-21 00:00:00
canvas
canvas
Immunity Canvas: IE_EXECCOMMAND
2012-09-18 10:39:00
saint
saint
Internet Explorer CMshtmlEd execCommand Use After Free
2012-09-19 00:00:00
Internet Explorer CMshtmlEd execCommand Use After Free
2012-09-19 00:00:00
Internet Explorer CMshtmlEd execCommand Use After Free
2012-09-19 00:00:00
cert
cert
Microsoft Internet Explorer 6/7/8/9 contain a use-after-free vulnerability
2012-09-17 00:00:00
threatpost
threatpost
Another IE Exploit Targeting Defense Industry Discovered
2012-09-24 17:27:15
Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack
2013-01-02 21:41:29
IE Zero-Day Watering Hole Attack Expands to Handful of Political Sites
2013-01-03 22:02:04
prion
prion
Design/Logic Flaw
2012-09-18 10:39:00
attackerkb
attackerkb
Microsoft Internet Explorer execCommand Use-After-Free
2012-09-18 00:00:00
CVE-2012-4969
2012-09-18 00:00:00
Microsoft Internet Explorer SetMouseCapture Use-After-Free
2020-10-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer execCommand Use-After-Free (CVE-2012-4969)
2012-09-19 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Use-After-Free Vulnerability
2022-06-08 00:00:00
cve
cve
CVE-2012-4969
2012-09-18 10:39:14
thn
thn
Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969
2012-09-19 20:08:00
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 12:23:00
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 01:23:00
cvelist
cvelist
CVE-2012-4969
2012-09-18 10:00:00
cisa
cisa
Microsoft Releases Security Advisory for Internet Explorer
2012-09-19 00:00:00
nvd
nvd
CVE-2012-4969
2012-09-18 10:39:14
securityvulns
securityvulns
Microsoft Internet Explorer memory corruption
2012-10-25 00:00:00
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
2012-09-18 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
2012-09-18 00:00:00
mskb
mskb
MS12-063: Cumulative Security Update for Internet Explorer: September 21, 2012
2012-09-21 00:00:00

0.821 High

EPSS

Percentile

98.4%

JSON
Related for ZDI-12-199
nessus2canvas1saint4cert1threatpost6prion1attackerkb3checkpoint_advisories1cisa_kev1cve1thn7cvelist1cisa1nvd1securityvulns1openvas2mskb1