Vulnerabilities > CVE-2012-1538 - Resource Management Errors vulnerability in Microsoft Internet Explorer 9

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
CWE-399
nessus
NVD
Published: 2012-11-14
Updated: 2023-12-07

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
1
OS
Microsoft
8

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_idMS12-071
bulletin_url
date2012-11-13T00:00:00
impactRemote Code Execution
knowledgebase_id2761451
knowledgebase_url
severityCritical
titleCumulative Security Update for Internet Explorer

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS12-071.NASL
descriptionThe remote host is missing Internet Explorer (IE) Security Update 2761451. The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id62903
published2012-11-14
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/62903
titleMS12-071: Cumulative Security Update for Internet Explorer (2761451)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(62903);
  script_version("1.13");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2012-1538", "CVE-2012-1539", "CVE-2012-4775");
  script_bugtraq_id(56420, 56421, 56422);
  script_xref(name:"MSFT", value:"MS12-071");
  script_xref(name:"MSKB", value:"2761451");

  script_name(english:"MS12-071: Cumulative Security Update for Internet Explorer (2761451)");
  script_summary(english:"Checks version of Mshtml.dll");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host has a web browser that is affected by code execution
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is missing Internet Explorer (IE) Security Update
2761451.

The installed version of IE is affected by vulnerabilities that could
allow an attacker to execute arbitrary code on the remote host."
  );
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-071");
  script_set_attribute(
    attribute:"solution",
    value:
"Microsoft has released a set of patches for Vista, 2008, 7, and 2008
R2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");


get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS12-071';
kb = '2761451';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);


if (
  # Windows 7 / 2008 R2
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.20562", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.16455", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / 2008
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20562", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16455", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

accepted2014-08-18T04:01:22.617-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Internet Explorer 9 is installed
    ovaloval:org.mitre.oval:def:11985
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows 7 is installed
    ovaloval:org.mitre.oval:def:12541
  • commentMicrosoft Windows 7 (32-bit) is installed
    ovaloval:org.mitre.oval:def:6165
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
descriptionUse-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
familywindows
idoval:org.mitre.oval:def:15677
statusaccepted
submitted2012-11-16T13:24:51
titleCFormElement use after free vulnerability - MS12-071
version74

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 56420 CVE ID: CVE-2012-1538 Microsoft Internet Explorer是微软公司推出的一款网页浏览器,使用相当广泛。 IE 9 &quot;CFormElement&quot;类访问错误初始化或删除的对象时存在远程代码执行漏洞,攻击者可利用此漏洞访问已经释放的内存,导致执行任意代码,破坏内存。 0 Microsoft Internet Explorer 9.x 临时解决方法: * 设置互联网和内联网安全区域为“高”,以阻止这些区域内的ActiveX控件和脚本。 * 配置IE,在运行活动脚本时提示,或者直接禁用。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS12-071)以及相应补丁: MS12-071:Cumulative Security Update for Internet Explorer (2761451) 链接:http://www.microsoft.com/technet/security/bulletin/MS12-071.asp
idSSV:60461
last seen2017-11-19
modified2012-11-19
published2012-11-19
reporterRoot
titleMicrosoft IE CFormElement释放后重用远程代码执行漏洞(MS12-071)

References