Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2012-4969

Published: 18/09/2012 Updated: 21/11/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Internet Explorer

Vulnerability Summary

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote malicious users to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet_explorer 6

microsoft internet_explorer 7

microsoft internet_explorer 8

microsoft internet_explorer 9

Exploits

Exploit DB: Microsoft Internet Explorer - execCommand Use-After-Free (MS12-063) (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GoodRanking inclu ...

Recent Articles

Chinese chap collared, charged over massive US Office of Personnel Management hack
The Register • Iain Thomson in San Francisco • 25 Aug 2017

Fingers pointed at Yu Pingan & unnamed conspirators in PRC

A Chinese fella has been accused by the FBI of being a key team member in the hacking crew that took down the US Office of Personnel Management (OPM). Yu Pingan was cuffed at Los Angeles international airport by the Feds and this week charged with computer hacking. The OPM infiltration, first discovered in 2015, was a massive embarrassment to the US government. Hackers stole paperwork for security background checks on 21.56 million individuals – including the fingerprint records for 5.6 millio...

Read more...

References

NVD-CWE-Otherhttp://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wildhttp://technet.microsoft.com/security/advisory/2757760http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rbhttp://www.us-cert.gov/cas/techalerts/TA12-265A.htmlhttp://www.us-cert.gov/cas/techalerts/TA12-262A.htmlhttp://www.kb.cert.org/vuls/id/480095http://www.securitytracker.com/id?1027538http://www.us-cert.gov/cas/techalerts/TA12-255A.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15729https://nvd.nist.govhttps://www.exploit-db.com/exploits/21840/https://www.kb.cert.org/vuls/id/480095
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook