Vulnerability: Arbitrary code execution in Microsoft Internet Explorer
Severity Rating: Critical
CVE ID: CVE-2012-4792
Vector of operation: Remote
Impact: System Compromise
CWE ID: CWE-119: An error occurred in the buffer
Exploited by active exploitation of the vulnerability
Affected Products: Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Affected versions: Microsoft Internet Explorer version 6.x, 7.x, 8.x
The vulnerability allows a remote user to execute arbitrary code on the target system.
An error after release of the processing facility ‘CDwnBindInfo’. This can be exploited via a specially crafted Web-page call dereference already freed object and execute arbitrary code on the target system.
Note: The vulnerability is being actively exploited in the present.
Solution: The way to eliminate the vulnerability does not exist at present.