Microsoft Internet Explorer "CDwnBindInfo" Use-After-Free Vulnerability
Last Update Date:
15 Jan 2013
Release Date:
31 Dec 2012
4564
Views
RISK: Extremely High Risk
TYPE: Clients - Browsers
A vulnerability has been identified in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a use-after-free error when handling the "CDwnBindInfo" object and can be exploited to dereference an already freed object.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Internet Explorer 6.x
- Microsoft Internet Explorer 7.x
- Microsoft Internet Explorer 8.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- [UPDATED 15 Jan 2013] Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/ms13-008
Vulnerability Identifier
Source
Related Link
- http://technet.microsoft.com/en-us/security/advisory/2794220
- http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx
- http://www.kb.cert.org/vuls/id/154201
- http://secunia.com/advisories/51695
- http://securitytracker.com/id/1027930
- http://technet.microsoft.com/en-us/security/bulletin/ms13-008
Share with