First published: Sun Dec 30 2012(Updated: )
Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.
Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Internet Explorer | ||
All of | ||
Internet Explorer | =6 | |
Any of | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
All of | ||
Internet Explorer | =7 | |
Any of | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
All of | ||
Internet Explorer | =8 | |
Any of | ||
Microsoft Windows 7 | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
Internet Explorer | =6 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
Internet Explorer | =7 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Internet Explorer | =8 | |
Microsoft Windows 7 | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =r2 |
The impacted product is end-of-life and should be disconnected if still in use.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-4792 has a critical severity rating due to its potential to allow remote code execution.
To fix CVE-2012-4792, users should update Internet Explorer to the latest version available from Microsoft.
CVE-2012-4792 affects Internet Explorer versions 6, 7, and 8 on supported Windows operating systems.
Yes, CVE-2012-4792 can be exploited remotely through specially crafted web pages.
Successful exploitation of CVE-2012-4792 could allow an attacker to execute arbitrary code, potentially compromising the system.