Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Microsoft
  • Windows 7
  • Windows Vista
  • Internet Explorer
  • Windows Xp
  • Windows Server
  • Windows Server 2008

Configuration 1 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server:2003:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server:2003:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server:2003:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server:2003:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server:2003:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server:2003:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server:2008:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server:2008:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server:2008:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*

Configuration 3 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server:2003:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server:2003:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server:2008:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server:2008:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*

Configuration 4 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_7:-:-:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:sp2:*:*:*:*:*:*:*
References
Link Resource
http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/ Broken Link
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb Broken Link
http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/ Third Party Advisory
http://technet.microsoft.com/security/advisory/2757760 Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/480095 Third Party Advisory US Government Resource
http://www.securitytracker.com/id?1027538 Third Party Advisory VDB Entry
http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA12-255A.html Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA12-262A.html Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA12-265A.html Third Party Advisory US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15729 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2012-09-18T10:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2012-09-18T00:00:00

Link: CVE-2012-4969

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2012-09-18T10:39:14.147

Modified: 2017-11-21T18:13:03.067

Link: CVE-2012-4969

JSON object: View

cve-icon Redhat Information

No data.

CWE