Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2012-4792

Published: 30/12/2012 Updated: 07/12/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote malicious users to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet_explorer 6

microsoft internet_explorer 7

microsoft internet_explorer 8

Exploits

Exploit DB: Microsoft Internet Explorer - CDwnBindInfo Object Use-After-Free (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking inc ...
Exploit DB: Microsoft Internet Explorer - CButton Object Use-After-Free (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking inc ...

Github Repositories

https://github.com/WizardVan/CVE-2012-4792

CVE-2012-4792 simple calc exploitation

CVE-2012-4792 CVE-2012-4792 simple calc exploitation

Recent Articles

Researchers say Anthem health hack has Beijing's fingerprints
The Register • Darren Pauli • 29 Jul 2015

'Black Vine' gang, late of China, fingered as source of heist that lifted 70 million records

The case for a Beijing-orchestrated hack of health insurer Anthem has firmed up with new details suggesting that the sophisticated hacking group responsible for the heist shared zero days with rival outfits. Symantec has overnight dubbed the perps "Black Vine", suggesting the group was responsible for goring more than 70 million personal records from the US company in February. The security firm paints the group as ultra-sophisticated and unusually keen to share its precious trove of zero day vu...

Read more...
Security bods rip off Microsoft's 'sticking plaster' IE bug fix
The Register • John Leyden • 07 Jan 2013

Took them under 24 hours

A security researcher has developed a method to circumvent Microsoft's temporary fix for a zero-day Internet Explorer browser vulnerability. Redmond release a temporary Fix It to defend against the flaw last week, pending the development of a more complete patch which it later emerged would not arrive with updates due to be delivered on Patch Tuesday tomorrow. However, Peter Vreugdenhil, of the vulnerability analysis firm Exodus Intelligence was able to sidestep that protection with a variatio...

Read more...
Microsoft scrambles to thwart new Internet Explorer 0-day attack
The Register • John Leyden • 02 Jan 2013

Patch Tuesday can't come soon enough

Microsoft has pushed out a temporary fix to defend against a zero-day vulnerability that surfaced in attacks launched last week. The security flaw (CVE-2012-4792) - which affects IE 6, 7 and 8 but not the latest versions of Microsoft's web browser software - allows malware to be dropped onto Windows PCs running the vulnerable software, providing, of course, that users can be tricked into visiting booby-trapped websites. Redmond has released a temporary Fix It (easy-to-apply workaround) pending t...

Read more...

References

CWE-399http://technet.microsoft.com/security/advisory/2794220http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/http://www.kb.cert.org/vuls/id/154201http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.htmlhttp://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.htmlhttp://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspxhttp://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspxhttp://www.us-cert.gov/cas/techalerts/TA13-015A.htmlhttp://www.us-cert.gov/cas/techalerts/TA13-008A.htmlhttps://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rbhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16361https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-008https://nvd.nist.govhttps://github.com/WizardVan/CVE-2012-4792https://www.exploit-db.com/exploits/23754/https://www.kb.cert.org/vuls/id/154201
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook