Arbitrary code execution in Microsoft Internet Explorer

Posted: December 30, 2012 in Vulnerabilities

Vulnerability: Arbitrary code execution in Microsoft Internet Explorer

Severity Rating: Critical
Patch: None

CVE ID: CVE-2012-4792
Attack vector: Remote
Impact: System Compromise
CWE ID: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: The vulnerability is being actively exploited
Affected Products: Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x

Affected versions: Microsoft Internet Explorer version 6.x, 7.x, 8.x

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by a use-after-free error in the handling of the ‘CDwnBindInfo’ object. A specially crafted web page can cause an already freed object to be dereferenced, which allows arbitrary code to be executed on the target system.

Note: The vulnerability is currently being actively exploited.

Manufacturer: www.microsoft.com

Solution: No fix for the vulnerability is available at present.
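
Since no fix is available, it helps to know which clients still browse with an affected version. The following is an added example, not part of the original advisory: it reads User-Agent strings from constructed proxy-log lines and reports clients running Internet Explorer 6.x, 7.x or 8.x, using the Trident token to resolve Compatibility View strings. The function names and the log format are assumptions.

```python
import re

# Affected major versions, as listed in the advisory above.
AFFECTED_MAJORS = {6, 7, 8}

# Trident engine token -> real IE major version. Compatibility View makes a
# browser report "MSIE 7.0", but the Trident token still reveals the real one.
TRIDENT_TO_IE = {"4.0": 8, "5.0": 9, "6.0": 10}

MSIE_RE = re.compile(r"\bMSIE (\d+)\.\d+")
TRIDENT_RE = re.compile(r"\bTrident/(\d+\.\d+)")

def ie_major(user_agent):
    """Return the real IE major version for a User-Agent, or None if not IE."""
    msie = MSIE_RE.search(user_agent)
    if not msie:
        return None
    trident = TRIDENT_RE.search(user_agent)
    if trident and trident.group(1) in TRIDENT_TO_IE:
        return TRIDENT_TO_IE[trident.group(1)]
    # IE 6 and IE 7 send no Trident token, so the MSIE token is the version.
    return int(msie.group(1))

def affected_clients(log_lines):
    """Map client IP -> IE major version for clients on an affected version."""
    # Assumed (constructed) log format: <client-ip> "<user-agent>"
    hits = {}
    for line in log_lines:
        m = re.match(r'(\S+) "(.*)"$', line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        major = ie_major(m.group(2))
        if major in AFFECTED_MAJORS:
            hits[m.group(1)] = major
    return hits

# Constructed sample lines, not taken from any real log.
SAMPLE_LOG = [
    '10.0.0.11 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"',
    '10.0.0.12 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0)"',
    '10.0.0.13 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0)"',
    '10.0.0.14 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"',
    '10.0.0.15 "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"',
]

if __name__ == "__main__":
    for ip, major in sorted(affected_clients(SAMPLE_LOG).items()):
        print(f"{ip}: Internet Explorer {major}.x (affected)")
```

The User-Agent header is supplied by the client, so treat the result as an inventory hint and confirm it against installed software records.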

Links:

http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html

http://technet.microsoft.com/en-us/security/advisory/2794220
