Vulnerabilities > CVE-2012-4787 - Resource Management Errors vulnerability in Microsoft Internet Explorer 10/9
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
OS | 12 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS12-077 |
bulletin_url | |
date | 2012-12-11T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2761465 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update for Internet Explorer |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS12-077.NASL |
description | The remote host is missing Internet Explorer (IE) Security Update 2761465. The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63224 |
published | 2012-12-11 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63224 |
title | MS12-077: Cumulative Security Update for Internet Explorer (2761465) |
Oval
accepted | 2014-08-18T04:01:31.202-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:16211 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2012-12-12T10:50:10 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | Improper Ref Counting Use After Free Vulnerability - MS12-077 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 76 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 56830 CVE(CAN) ID: CVE-2012-4787 Microsoft Internet Explorer是微软公司推出的一款网页浏览器,使用相当广泛。 Microsoft Internet Explorer 6、7、8、9、10在处理恶意HTML内容时,Ref Counting存在错误的内存操作,通过引诱用户浏览恶意网站,未经身份验证的远程攻击者可利用此漏洞以当前用户权限执行任意代码。 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x Microsoft Internet Explorer 10.x 临时解决方法: * 将“互联网”和“内联网”安全区域设置为“高”,以阻止ActiveX控件和AS。 * 配置IE,在运行AS前提示,或禁用AS。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS12-077)以及相应补丁: MS12-077:Cumulative Security Update for Internet Explorer (2761465) 链接:http://www.microsoft.com/technet/security/bulletin/MS12-077.mspx 补丁下载:http://update.microsoft.com/ |
id | SSV:60506 |
last seen | 2017-11-19 |
modified | 2012-12-13 |
published | 2012-12-13 |
reporter | Root |
title | Microsoft Internet Explorer Ref Counting释放后重用远程代码执行漏洞(MS12-077) |