Microsoft Internet Explorer "CDwnBindInfo" Use-After-Free Vulnerability
RISK: Extremely High Risk
TYPE: Clients - Browsers
A vulnerability has been identified in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a use-after-free error when handling the "CDwnBindInfo" object and can be exploited to dereference an already freed object.
Note:
Exploitation in the wild has been detected for CVE-2012-4792.
[Updated on 2024-07-24]
Updated Description and Related Links.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Internet Explorer 6.x
- Microsoft Internet Explorer 7.x
- Microsoft Internet Explorer 8.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- [UPDATED 15 Jan 2013] Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/ms13-008
Vulnerability Identifier
Source
Related Links
- https://www.cisa.gov/news-events/alerts/2024/07/23/cisa-adds-two-known-exploited-vulnerabilities-catalog
- http://technet.microsoft.com/en-us/security/advisory/2794220
- http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx
- http://www.kb.cert.org/vuls/id/154201
- http://secunia.com/advisories/51695
- http://securitytracker.com/id/1027930
- http://technet.microsoft.com/en-us/security/bulletin/ms13-008