Vulnerabilities > CVE-2012-4792 - Use After Free vulnerability in Microsoft Internet Explorer 6/7/8

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
microsoft
CWE-416
nessus
exploit available
metasploit

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionMicrosoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability. CVE-2012-4792. Remote exploit for windows platform
    idEDB-ID:23754
    last seen2016-02-02
    modified2012-12-31
    published2012-12-31
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/23754/
    titleMicrosoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability
  • descriptionMicrosoft Internet Explorer CButton Object Use-After-Free Vulnerability. CVE-2012-4792. Remote exploit for windows platform
    idEDB-ID:23785
    last seen2016-02-02
    modified2013-01-02
    published2013-01-02
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/23785/
    titleMicrosoft Internet Explorer CButton Object Use-After-Free Vulnerability

Metasploit

descriptionThis module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild targeting mainly China/Taiwan/and US-based computers.
idMSF:EXPLOIT/WINDOWS/BROWSER/IE_CBUTTON_UAF
last seen2020-06-10
modified2020-02-18
published2012-12-31
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/ie_cbutton_uaf.rb
titleMS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability

Msbulletin

bulletin_idMS13-008
bulletin_url
date2013-01-14T00:00:00
impactRemote Code Execution
knowledgebase_id2799329
knowledgebase_url
severityCritical
titleSecurity Update for Internet Explorer

Nessus

  • NASL familyWindows
    NASL idSMB_KB2794220.NASL
    descriptionThe remote host is missing the workaround referenced in KB 2794220 (Microsoft
    last seen2020-06-01
    modified2020-06-02
    plugin id63372
    published2013-01-02
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63372
    titleMS KB2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)
    code
    #@DEPRECATED
    #
    # Disabled on 2013/01/14. Deprecated by smb_nt_ms13-008.nasl
    
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63372);
      script_version("1.18");
      script_cvs_date("Date: 2018/11/15 20:50:28");
    
      script_cve_id("CVE-2012-4792");
      script_bugtraq_id(57070);
      script_xref(name:"CERT", value:"154201");
      script_xref(name:"EDB-ID", value:"23754");
      script_xref(name:"MSKB", value:"2794220");
    
      script_name(english:"MS KB2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)");
      script_summary(english:"Checks if 'Fix it' 50971 is in use.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host has a web browser installed that is affected by a
    remote code execution vulnerability."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is missing the workaround referenced in KB 2794220
    (Microsoft 'Fix it' 50971).  This workaround mitigates a use-after-free
    vulnerability in Internet Explorer.  Without this workaround enabled, an
    attacker could exploit this vulnerability by tricking a user into
    viewing a maliciously crafted web page, resulting in arbitrary code
    execution.  This vulnerability is being actively exploited in the wild.
    
    Note that the Microsoft 'Fix it' solution is effective only if the latest
    available version of 'mshtml.dll' is installed. 
    
    This plugin has been deprecated due to the publication of MS13-008. 
    Microsoft has released updates that make the workarounds unnecessary. 
    To check for those, use Nessus plugin ID 63522.");
      script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/2794220");
      script_set_attribute(attribute:"solution", value:"Apply Microsoft 'Fix it' 50971.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/12/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
    
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_hotfixes.nasl");
      script_require_keys("SMB/Registry/Enumerated", "SMB/WindowsVersion", "SMB/ProductName");
      script_require_ports(139, 445);
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.  Use smb_nt_ms13-008.nasl (plugin ID 63522) instead.");
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_reg_query.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit('SMB/WindowsVersion');
    if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0)
      audit(AUDIT_OS_SP_NOT_VULN);
    if (hotfix_check_server_core() == 1)
      audit(AUDIT_WIN_SERVER_CORE);
    
    ie_ver = hotfix_check_ie_version();
    if (ie_ver !~ "^[678]\.") audit(AUDIT_INST_VER_NOT_VULN, 'IE', ie_ver);
    
    port = kb_smb_transport();
    vuln = 0;
    
    registry_init();
    handle = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
    
    systemroot = hotfix_get_systemroot();
    if(!systemroot) audit(AUDIT_FN_FAIL, 'hotfix_get_systemroot');
    
    guid = '{a1447a51-d8b1-4e93-bb19-82bd20da6fd2}';
    path = get_registry_value(handle:handle, item:"SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\" + guid);
    
    if (isnull(path))
      path = systemroot + "\AppPatch\Custom\" + guid + '.sdb';
    
    RegCloseKey(handle:handle);
    close_registry(close:FALSE);
    
    # Now make sure the file is in place
    if (hotfix_file_exists(path:path))
      vuln = FALSE;
    else
      vuln = TRUE;
    
    hotfix_check_fversion_end();
    
    if (!vuln)
      audit(AUDIT_HOST_NOT, 'affected');
    
    if (report_verbosity > 0)
    {
      report =
        '\nNessus determined the Microsoft \'Fix it\' solution is not in use because' +
        '\nthe following file was not found :\n\n' +
        path + '\n';
      security_hole(port:port, extra:report);
    }
    else security_hole(port);
    
    
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS13-008.NASL
    descriptionThe remote host is missing Internet Explorer (IE) Security Update 2799329. The installed version of IE is affected by a vulnerability that could allow an attacker to execute arbitrary code on the remote host.
    last seen2020-06-01
    modified2020-06-02
    plugin id63522
    published2013-01-14
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63522
    titleMS13-008: Security Update for Internet Explorer (2799329)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(63522);
      script_version("1.16");
      script_cvs_date("Date: 2018/11/15 20:50:31");
    
      script_cve_id("CVE-2012-4792");
      script_bugtraq_id(57070);
      script_xref(name:"CERT", value:"154201");
      script_xref(name:"EDB-ID", value:"23754");
      script_xref(name:"MSFT", value:"MS13-008");
      script_xref(name:"MSKB", value:"2799329");
    
      script_name(english:"MS13-008: Security Update for Internet Explorer (2799329)");
      script_summary(english:"Checks version of Mshtml.dll");
    
      script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a code execution vulnerability.");
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is missing Internet Explorer (IE) Security Update
    2799329.
    
    The installed version of IE is affected by a vulnerability that could
    allow an attacker to execute arbitrary code on the remote host."
      );
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-008");
      script_set_attribute(
        attribute:"solution",
        value:
    "Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
    2008 R2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS13-008';
    kb = '2799329';
    
    kbs = make_list(kb);
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
    
    rootfile = hotfix_get_systemroot();
    if (!rootfile) exit(1, "Failed to get the system root.");
    
    share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:rootfile);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    
    if (
      # Windows 7 / 2008 R2
      #
      # - Internet Explorer 8
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22185", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.18021", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.21393", min_version:"8.0.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.17185", min_version:"8.0.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Vista / 2008
      #
      # - Internet Explorer 8
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23462", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19394", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 7
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.22995", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18747", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows 2003 / XP 64-bit
      #
      # - Internet Explorer 8
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23462", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.19394", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 7
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21319", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.17117", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 6
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5098",  min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows XP x86
      #
      # - Internet Explorer 8
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23462", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.19394", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 7
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.21319", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.17117", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
      # - Internet Explorer 6
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6325",  min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
    )
    {
      set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    

Oval

accepted2014-08-18T04:01:35.494-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Internet Explorer 6 is installed
    ovaloval:org.mitre.oval:def:563
  • commentMicrosoft Windows XP (32-bit) is installed
    ovaloval:org.mitre.oval:def:1353
  • commentMicrosoft Windows XP x64 is installed
    ovaloval:org.mitre.oval:def:15247
  • commentMicrosoft Windows Server 2003 (32-bit) is installed
    ovaloval:org.mitre.oval:def:1870
  • commentMicrosoft Windows Server 2003 (x64) is installed
    ovaloval:org.mitre.oval:def:730
  • commentMicrosoft Windows Server 2003 (ia64) Gold is installed
    ovaloval:org.mitre.oval:def:396
  • commentMicrosoft Internet Explorer 7 is installed
    ovaloval:org.mitre.oval:def:627
  • commentMicrosoft Windows XP (32-bit) is installed
    ovaloval:org.mitre.oval:def:1353
  • commentMicrosoft Windows XP x64 is installed
    ovaloval:org.mitre.oval:def:15247
  • commentMicrosoft Windows Server 2003 (32-bit) is installed
    ovaloval:org.mitre.oval:def:1870
  • commentMicrosoft Windows Server 2003 (x64) is installed
    ovaloval:org.mitre.oval:def:730
  • commentMicrosoft Windows Server 2003 (ia64) Gold is installed
    ovaloval:org.mitre.oval:def:396
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
  • commentMicrosoft Internet Explorer 8 is installed
    ovaloval:org.mitre.oval:def:6210
  • commentMicrosoft Windows XP (32-bit) is installed
    ovaloval:org.mitre.oval:def:1353
  • commentMicrosoft Windows XP x64 is installed
    ovaloval:org.mitre.oval:def:15247
  • commentMicrosoft Windows Server 2003 (32-bit) is installed
    ovaloval:org.mitre.oval:def:1870
  • commentMicrosoft Windows Server 2003 (x64) is installed
    ovaloval:org.mitre.oval:def:730
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows 7 is installed
    ovaloval:org.mitre.oval:def:12541
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installed
    ovaloval:org.mitre.oval:def:5954
  • commentMicrosoft Windows 7 (32-bit) is installed
    ovaloval:org.mitre.oval:def:6165
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installed
    ovaloval:org.mitre.oval:def:5954
descriptionUse-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
familywindows
idoval:org.mitre.oval:def:16361
statusaccepted
submitted2013-01-17T11:16:34
titleInternet Explorer Use After Free Vulnerability - MS13-008
version74

Packetstorm

Saint

bid57070
descriptionInternet Explorer CButton Use After Free Vulnerability
idwin_patch_ie_v8
osvdb88774
titleie_cbutton_uaf
typeclient

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 57070 CVE(CAN) ID: CVE-2012-4792 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Internet Explorer在mshtml!CDwnBindInfo对象的处理上存在释放后重用漏洞,远程攻击者可能利用此漏洞通过诱使用户访问恶意网页内容导致执行任意代码控制用户系统。 此漏洞是0day漏洞,目前已被发现用于执行针对性的攻击。 不受影响系统: Microsoft Internet Explorer 9.x Microsoft Internet Explorer 10.x 0 Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁: * 在厂商补丁发布之前,我们建议用户暂时改用非IE内核浏览器,如Firefox、Chrome。 * 升级IE到版本9或10,因为这两个版本的IE不受此漏洞的影响。 * 对于IE 6、7、8版本浏览器可以采用如下防护措施: 采用厂商提供的Enhanced Mitigation Experience Toolkit (EMET)工具。此方法能有效防范,且不影响正常网站的访问。 增强缓解体验工具包(EMET)是一个实用工具,用于防止软件中的漏洞被成功利用。 从如下网址下载增强缓解体验工具包: http://go.microsoft.com/fwlink/?LinkID=200220&amp;clcid=0x409 安装以后运行,在界面中点击“Configure Apps”,在对话框中点击“Add”,浏览到IE所在的安装目录(通常是c:\program files\Internet Explorer\)选择 iexplore.exe,点击“打开”, IE就被加入到受保护项目列表中,点击“OK”,如果有IE正在运行的话需要重启一下应用。 也可采用类似的操作把其他的应用程序加入保护。 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,但已经发布了针对此漏洞的公告,建议用户采用厂商推荐的临时解决方案处理: http://technet.microsoft.com/en-us/security/advisory/2794220
idSSV:60551
last seen2017-11-19
modified2012-12-31
published2012-12-31
reporterRoot
titleMicrosoft Internet Explorer 6/7/8 mshtml!CDwnBindInfo对象释放后重用代码执行漏洞

The Hacker News

References