Vulnerabilities > CVE-2012-2523 - Numeric Errors vulnerability in Microsoft Internet Explorer, Jscript and Vbscript

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
CWE-189
critical
nessus

Summary

Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."

Common Weakness Enumeration (CWE)

Msbulletin

  • bulletin_idMS12-052
    bulletin_url
    date2012-08-14T00:00:00
    impactRemote Code Execution
    knowledgebase_id2722913
    knowledgebase_url
    severityCritical
    titleCumulative Security Update for Internet Explorer
  • bulletin_idMS12-056
    bulletin_url
    date2012-08-14T00:00:00
    impactRemote Code Execution
    knowledgebase_id2706045
    knowledgebase_url
    severityImportant
    titleVulnerability in JScript and VBScript Engines Could Allow Remote Code Execution

Nessus

  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS12-052.NASL
    descriptionThe remote host is missing Internet Explorer (IE) Security Update 2722913. The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
    last seen2020-06-01
    modified2020-06-02
    plugin id61527
    published2012-08-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61527
    titleMS12-052: Cumulative Security Update for Internet Explorer (2722913)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61527);
      script_version("1.13");
      script_cvs_date("Date: 2018/11/15 20:50:31");
    
      script_cve_id("CVE-2012-1526", "CVE-2012-2521", "CVE-2012-2522", "CVE-2012-2523");
      script_bugtraq_id(54945, 54950, 54951, 54952);
      script_xref(name:"MSFT", value:"MS12-052");
      script_xref(name:"IAVA", value:"2012-A-0130");
      script_xref(name:"MSKB", value:"2722913");
    
      script_name(english:"MS12-052: Cumulative Security Update for Internet Explorer (2722913)");
      script_summary(english:"Checks version of Mshtml.dll");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote host is affected by code execution vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is missing Internet Explorer (IE) Security Update
    2722913.
    
    The installed version of IE is affected by vulnerabilities that could
    allow an attacker to execute arbitrary code on the remote host."
      );
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-052");
      script_set_attribute(
        attribute:"solution",
        value:
    "Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
    and 2008 R2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("misc_func.inc");
    
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS12-052';
    kb = '2722913';
    
    kbs = make_list(kb);
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
    
    rootfile = hotfix_get_systemroot();
    if (!rootfile) exit(1, "Failed to get the system root.");
    
    share = hotfix_path2share(path:rootfile);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (
      # Windows 7 / 2008 R2
      #
      # - Internet Explorer 9
      hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.20554", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.16448", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 8
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22032", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.17874", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.21245", min_version:"8.0.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.17051", min_version:"8.0.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Vista / 2008
      #
      # - Internet Explorer 9
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20554", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16448", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 8
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23385", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19298", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 7
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.22885", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18658", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows 2003 / XP 64-bit
      #
      # - Internet Explorer 8
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23385", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.19298", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 7
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21314", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.17112", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 6
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5029",  min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows XP x86
      #
      # - Internet Explorer 8
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23385", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.19298", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 7
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.21314", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.17112", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 6
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6266",  min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
    )
    {
      set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS12-056.NASL
    descriptionThe installed versions of the JScript and VBScript scripting engines contain an integer overflow vulnerability that can occur when the scripting engines process a script in a web page and attempt to calculate the size of an object in memory during a copy operation. By tricking a user on the affected system into visiting a malicious web site, an attacker may be able to exploit this issue to execute arbitrary code subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id61531
    published2012-08-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61531
    titleMS12-056: Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2706045)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61531);
      script_version("1.13");
      script_cvs_date("Date: 2018/11/15 20:50:31");
    
      script_cve_id("CVE-2012-2523");
      script_bugtraq_id(54945);
      script_xref(name:"MSFT", value:"MS12-056");
      script_xref(name:"IAVA", value:"2012-A-0130");
      script_xref(name:"MSKB", value:"2706045");
    
      script_name(english:"MS12-056: Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2706045)");
      script_summary(english:"Checks versions of Jscript.dll / Vbscript.dll");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "Arbitrary code can be executed on the remote host through the installed
    JScript and VBScript scripting engines."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The installed versions of the JScript and VBScript scripting engines
    contain an integer overflow vulnerability that can occur when the
    scripting engines process a script in a web page and attempt to
    calculate the size of an object in memory during a copy operation.
    
    By tricking a user on the affected system into visiting a malicious web
    site, an attacker may be able to exploit this issue to execute arbitrary
    code subject to the user's privileges."
      );
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-056");
      script_set_attribute(
        attribute:"solution",
        value:
    "Microsoft has released a set of patches for 64-bit editions of Windows
    XP, 2003, Vista, 2008, 7, and 2008 R2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "smb_nt_ms12-052.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, 'Host/patch_management_checks');
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("misc_func.inc");
    
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS12-056';
    kb = "2706045";
    kbs = make_list(kb);
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
    
    rootfile = hotfix_get_systemroot();
    if (!rootfile) exit(1, "Failed to get the system root.");
    
    share = hotfix_path2share(path:rootfile);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    # Only x64 is affected
    arch = get_kb_item_or_exit('SMB/ARCH', exit_code:1);
    if (arch != 'x64') exit(0, "The host is not affected since it is not running a 64-bit version of Windows.");
    
    ie_ver = get_kb_item_or_exit("SMB/IE/Version");
    
    if (
      (ie_ver =~ "^8\.") &&
      (
        # Windows 7 x64 and Windows Server 2008 R2
        hotfix_is_vulnerable(os:"6.1", sp:1, arch:"x64", file:"Jscript.dll",  version:"5.8.7601.22024", min_version:"5.8.7601.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"6.1", sp:1, arch:"x64", file:"Vbscript.dll", version:"5.8.7601.22024", min_version:"5.8.7601.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"6.1", sp:1, arch:"x64", file:"Jscript.dll",  version:"5.8.7601.17866", min_version:"5.8.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"6.1", sp:1, arch:"x64", file:"Vbscript.dll", version:"5.8.7601.17866", min_version:"5.8.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
        hotfix_is_vulnerable(os:"6.1", sp:0, arch:"x64", file:"Jscript.dll",  version:"5.8.7600.21238", min_version:"5.8.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"6.1", sp:0, arch:"x64", file:"Vbscript.dll", version:"5.8.7600.21238", min_version:"5.8.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"6.1", sp:0, arch:"x64", file:"Jscript.dll",  version:"5.8.7600.17045", min_version:"5.8.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"6.1", sp:0, arch:"x64", file:"Vbscript.dll", version:"5.8.7600.17045", min_version:"5.8.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
        # Vista x64 / Windows 2008 x64
        hotfix_is_vulnerable(os:"6.0", sp:2, arch:"x64", file:"Jscript.dll",  version:"5.8.6001.23380", min_version:"5.8.6001.22000", dir:"\System32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"6.0", sp:2, arch:"x64", file:"Vbscript.dll",  version:"5.8.6001.23380", min_version:"5.8.6001.22000", dir:"\System32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"6.0", sp:2, arch:"x64", file:"Jscript.dll",  version:"5.8.6001.19293", min_version:"5.8.6001.18000", dir:"\System32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"6.0", sp:2, arch:"x64", file:"Vbscript.dll",  version:"5.8.6001.19293", min_version:"5.8.6001.18000", dir:"\System32", bulletin:bulletin, kb:kb) ||
    
        # Windows 2003 x64 / XP x64
        hotfix_is_vulnerable(os:"5.2", sp:2, arch:"x64", file:"Vbscript.dll", version:"5.8.6001.23380", min_version:"5.8.0.0",        dir:"\system32", bulletin:bulletin, kb:kb) ||
        hotfix_is_vulnerable(os:"5.2", sp:2, arch:"x64", file:"Jscript.dll",  version:"5.8.6001.23380", min_version:"5.8.0.0",        dir:"\system32", bulletin:bulletin, kb:kb)
      )
    ) vuln = TRUE;
    
    
    #######################
    # KB2722913           #
    #######################
    if (ie_ver =~ "^9\.")
    {
      if (!isnull(get_kb_item("SMB/Missing/MS12-052")))
      {
        report =
        '\nThis bulletin corrects the vulnerability in Internet' +
        '\nExplorer 8, however Internet Explorer 9 is installed and' +
        '\nits fix, KB2722913, is missing. To obtain protection from' +
        '\nthe vulnerability noted in CVE-2012-2523, you must install' +
        '\nKB2722913 which is described in MS12-052.';
    
        hotfix_add_report(report, bulletin:bulletin, kb:"2722913");
        vuln = TRUE;
      }
    }
    
    if (vuln)
    {
      set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    

Oval

accepted2014-08-18T04:01:25.057-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Windows XP x64 is installed
    ovaloval:org.mitre.oval:def:15247
  • commentMicrosoft Windows Server 2003 (x64) is installed
    ovaloval:org.mitre.oval:def:730
  • commentMicrosoft Internet Explorer 8 is installed
    ovaloval:org.mitre.oval:def:6210
  • commentMicrosoft Internet Explorer 8 is installed
    ovaloval:org.mitre.oval:def:6210
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installed
    ovaloval:org.mitre.oval:def:5954
  • commentMicrosoft Internet Explorer 8 is installed
    ovaloval:org.mitre.oval:def:6210
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installed
    ovaloval:org.mitre.oval:def:5954
  • commentMicrosoft Internet Explorer 8 is installed
    ovaloval:org.mitre.oval:def:6210
  • commentMicrosoft Internet Explorer 8 is installed
    ovaloval:org.mitre.oval:def:6210
  • commentMicrosoft Windows XP x64 is installed
    ovaloval:org.mitre.oval:def:15247
  • commentMicrosoft Windows Server 2003 (x64) is installed
    ovaloval:org.mitre.oval:def:730
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installed
    ovaloval:org.mitre.oval:def:5954
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installed
    ovaloval:org.mitre.oval:def:5954
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Internet Explorer 9 is installed
    ovaloval:org.mitre.oval:def:11985
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
descriptionInteger overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
familywindows
idoval:org.mitre.oval:def:15790
statusaccepted
submitted2012-08-20T12:14:57
titleJavaScript Integer Overflow Remote Code Execution Vulnerability - MS12-052 and MS12-056
version74

Seebug

bulletinFamilyexploit
descriptionBugtraq ID:54945 CVE ID:CVE-2012-2523 Microsoft Internet Explorer是一款流行的WEB浏览器。 在64位平台上的Microsoft Internet Explorer和JScript 5.8在对象拷贝过程中由于不正确的大小计算,可被攻击者利用触发整数溢出,攻击者构建恶意WEB页,诱使用户解析,可以应用程序上下文执行任意代码。 0 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://technet.microsoft.com/en-us/security/bulletin/MS12-052
idSSV:60326
last seen2017-11-19
modified2012-08-18
published2012-08-18
reporterRoot
titleMicrosoft Internet Explorer JavaScript整数溢出代码执行漏洞