ID CVE-2012-4782
Summary Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
References
Vulnerable Configurations
  • Microsoft Internet Explorer 9
    cpe:2.3:a:microsoft:internet_explorer:9
  • cpe:2.3:o:microsoft:windows_7:-:x64
    cpe:2.3:o:microsoft:windows_7:-:x64
  • cpe:2.3:o:microsoft:windows_7:-:x86
    cpe:2.3:o:microsoft:windows_7:-:x86
  • Microsoft Windows 7 64-bit Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64
  • Microsoft Windows 7 x86 Service Pack 1
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86
  • Windows Server 2008 R2 for x64-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:r2:x64
  • Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64
  • Windows Server 2008 Service Pack 2 x86
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86
  • Microsoft Windows Server 2008 R2 Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:x64
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
  • Microsoft Internet Explorer 10
    cpe:2.3:a:microsoft:internet_explorer:10
  • Windows 8 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_8:-:-:x64
  • Windows 8 x86 (32-bit)
    cpe:2.3:o:microsoft:windows_8:-:-:x86
  • Microsoft Windows RT
    cpe:2.3:o:microsoft:windows_rt
  • Microsoft Windows Server 2012
    cpe:2.3:o:microsoft:windows_server_2012
CVSS
Base: 9.3 (as of 12-12-2012 - 10:58)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS12-077
bulletin_url
date 2012-12-11T00:00:00
impact Remote Code Execution
knowledgebase_id 2761465
knowledgebase_url
severity Critical
title Cumulative Security Update for Internet Explorer
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS12-077.NASL
description The remote host is missing Internet Explorer (IE) Security Update 2761465. The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
last seen 2019-02-21
modified 2018-11-15
plugin id 63224
published 2012-12-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=63224
title MS12-077: Cumulative Security Update for Internet Explorer (2761465)
oval via4
accepted 2014-08-18T04:01:29.698-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Pradeep R B
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Internet Explorer 9 is installed
    oval oval:org.mitre.oval:def:11985
  • comment Microsoft Windows 7 is installed
    oval oval:org.mitre.oval:def:12541
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Windows 8 is installed
    oval oval:org.mitre.oval:def:15732
  • comment Microsoft Windows Server 2012 is installed
    oval oval:org.mitre.oval:def:16359
description Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
family windows
id oval:org.mitre.oval:def:16066
status accepted
submitted 2012-12-12T10:50:10
title CMarkup Use After Free Vulnerability - MS12-077
version 73
refmap via4
cert TA12-346A
ms MS12-077
Last major update 02-11-2013 - 23:27
Published 11-12-2012 - 19:55
Last modified 12-10-2018 - 18:03
Back to Top