Vulnerabilities > CVE-2012-1538 - Resource Management Errors vulnerability in Microsoft Internet Explorer 9
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 8 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS12-071 |
bulletin_url | |
date | 2012-11-13T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2761451 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update for Internet Explorer |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS12-071.NASL |
description | The remote host is missing Internet Explorer (IE) Security Update 2761451. The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 62903 |
published | 2012-11-14 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/62903 |
title | MS12-071: Cumulative Security Update for Internet Explorer (2761451) |
code |
|
Oval
accepted | 2014-08-18T04:01:22.617-04:00 | ||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||
description | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability." | ||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:15677 | ||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||
submitted | 2012-11-16T13:24:51 | ||||||||||||||||||||||||||||||||||||
title | CFormElement use after free vulnerability - MS12-071 | ||||||||||||||||||||||||||||||||||||
version | 74 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 56420 CVE ID: CVE-2012-1538 Microsoft Internet Explorer是微软公司推出的一款网页浏览器,使用相当广泛。 IE 9 "CFormElement"类访问错误初始化或删除的对象时存在远程代码执行漏洞,攻击者可利用此漏洞访问已经释放的内存,导致执行任意代码,破坏内存。 0 Microsoft Internet Explorer 9.x 临时解决方法: * 设置互联网和内联网安全区域为“高”,以阻止这些区域内的ActiveX控件和脚本。 * 配置IE,在运行活动脚本时提示,或者直接禁用。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS12-071)以及相应补丁: MS12-071:Cumulative Security Update for Internet Explorer (2761451) 链接:http://www.microsoft.com/technet/security/bulletin/MS12-071.asp |
id | SSV:60461 |
last seen | 2017-11-19 |
modified | 2012-11-19 |
published | 2012-11-19 |
reporter | Root |
title | Microsoft IE CFormElement释放后重用远程代码执行漏洞(MS12-071) |
References
- http://www.us-cert.gov/cas/techalerts/TA12-318A.html
- http://www.securityfocus.com/bid/56420
- http://www.securitytracker.com/id?1027749
- http://secunia.com/advisories/51202
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15677
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-071