ID CVE-2012-2523
Summary Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
References
Vulnerable Configurations
  • Microsoft Internet Explorer 8
    cpe:2.3:a:microsoft:internet_explorer:8
  • Microsoft Internet Explorer 9
    cpe:2.3:a:microsoft:internet_explorer:9
  • Microsoft JScript 5.8
    cpe:2.3:a:microsoft:jscript:5.8
  • Microsoft VBScript 5.8 for 64-bit systems (x64)
    cpe:2.3:a:microsoft:vbscript:5.8:-:x64
CVSS
Base: 9.3 (as of 22-09-2016 - 11:16)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
  • bulletin_id MS12-056
    bulletin_url
    date 2012-08-14T00:00:00
    impact Remote Code Execution
    knowledgebase_id 2706045
    knowledgebase_url
    severity Important
    title Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution
  • bulletin_id MS12-052
    bulletin_url
    date 2012-08-14T00:00:00
    impact Remote Code Execution
    knowledgebase_id 2722913
    knowledgebase_url
    severity Critical
    title Cumulative Security Update for Internet Explorer
nessus via4
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS12-056.NASL
    description The installed versions of the JScript and VBScript scripting engines contain an integer overflow vulnerability that can occur when the scripting engines process a script in a web page and attempt to calculate the size of an object in memory during a copy operation. By tricking a user on the affected system into visiting a malicious web site, an attacker may be able to exploit this issue to execute arbitrary code subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 61531
    published 2012-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61531
    title MS12-056: Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2706045)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS12-052.NASL
    description The remote host is missing Internet Explorer (IE) Security Update 2722913. The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 61527
    published 2012-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61527
    title MS12-052: Cumulative Security Update for Internet Explorer (2722913)
oval via4
accepted 2014-08-18T04:01:25.057-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Internet Explorer 8 is installed
    oval oval:org.mitre.oval:def:6210
  • comment Microsoft Internet Explorer 8 is installed
    oval oval:org.mitre.oval:def:6210
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Internet Explorer 8 is installed
    oval oval:org.mitre.oval:def:6210
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Internet Explorer 8 is installed
    oval oval:org.mitre.oval:def:6210
  • comment Microsoft Internet Explorer 8 is installed
    oval oval:org.mitre.oval:def:6210
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Internet Explorer 9 is installed
    oval oval:org.mitre.oval:def:11985
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
description Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
family windows
id oval:org.mitre.oval:def:15790
status accepted
submitted 2012-08-20T12:14:57
title JavaScript Integer Overflow Remote Code Execution Vulnerability - MS12-052 and MS12-056
version 71
refmap via4
cert TA12-227A
ms
  • MS12-052
  • MS12-056
Last major update 22-09-2016 - 13:12
Published 14-08-2012 - 21:55
Last modified 12-10-2018 - 18:03
Back to Top