ID CVE-2012-4792
Summary Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
References
Vulnerable Configurations
  • Microsoft Internet Explorer 6
    cpe:2.3:a:microsoft:internet_explorer:6
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows Server 2003 Service Pack 2 for Itanium
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2:itanium
  • Microsoft Windows Server 2003 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2:x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Windows XP Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64
  • Microsoft Internet Explorer 7
    cpe:2.3:a:microsoft:internet_explorer:7
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows Server 2003 Service Pack 2 for Itanium
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2:itanium
  • Microsoft Windows Server 2003 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2:x64
  • Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64
  • Windows Server 2008 Service Pack 2 x86
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86
  • Microsoft Windows Server 2008 Service Pack 2 for Itanium-Based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Windows XP Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64
  • Microsoft Internet Explorer 8
    cpe:2.3:a:microsoft:internet_explorer:8
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7 64-bit Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64
  • Microsoft Windows 7 x86 Service Pack 1
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows Server 2003 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2:x64
  • Windows Server 2008 R2 for Itanium-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:r2:itanium
  • Windows Server 2008 R2 for x64-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:r2:x64
  • Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64
  • Windows Server 2008 Service Pack 2 x86
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86
  • Microsoft Windows Server 2008 r2 Service Pack 1 Itanium
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:itanium
  • Microsoft Windows Server 2008 R2 Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:x64
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Windows XP Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64
CVSS
Base: 9.3 (as of 31-12-2012 - 09:12)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
  • description Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability. CVE-2012-4792. Remote exploit for windows platform
    id EDB-ID:23785
    last seen 2016-02-02
    modified 2013-01-02
    published 2013-01-02
    reporter metasploit
    source https://www.exploit-db.com/download/23785/
    title Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
  • description Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability. CVE-2012-4792. Remote exploit for windows platform
    id EDB-ID:23754
    last seen 2016-02-02
    modified 2012-12-31
    published 2012-12-31
    reporter metasploit
    source https://www.exploit-db.com/download/23754/
    title Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability
metasploit via4
description This module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild targeting mainly China/Taiwan/and US-based computers.
id MSF:EXPLOIT/WINDOWS/BROWSER/IE_CBUTTON_UAF
last seen 2018-10-17
modified 2017-07-24
published 2012-12-31
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb
title MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
msbulletin via4
bulletin_id MS13-008
bulletin_url
date 2013-01-14T00:00:00
impact Remote Code Execution
knowledgebase_id 2799329
knowledgebase_url
severity Critical
title Security Update for Internet Explorer
nessus via4
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS13-008.NASL
    description The remote host is missing Internet Explorer (IE) Security Update 2799329. The installed version of IE is affected by a vulnerability that could allow an attacker to execute arbitrary code on the remote host.
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 63522
    published 2013-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63522
    title MS13-008: Security Update for Internet Explorer (2799329)
  • NASL family Windows
    NASL id SMB_KB2794220.NASL
    description The remote host is missing the workaround referenced in KB 2794220 (Microsoft 'Fix it' 50971). This workaround mitigates a use-after-free vulnerability in Internet Explorer. Without this workaround enabled, an attacker could exploit this vulnerability by tricking a user into viewing a maliciously crafted web page, resulting in arbitrary code execution. This vulnerability is being actively exploited in the wild. Note that the Microsoft 'Fix it' solution is effective only if the latest available version of 'mshtml.dll' is installed. This plugin has been deprecated due to the publication of MS13-008. Microsoft has released updates that make the workarounds unnecessary. To check for those, use Nessus plugin ID 63522.
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 63372
    published 2013-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63372
    title MS KB2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)
oval via4
accepted 2014-08-18T04:01:35.494-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Internet Explorer 8 is installed
    oval oval:org.mitre.oval:def:6210
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows 7 is installed
    oval oval:org.mitre.oval:def:12541
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
description Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
family windows
id oval:org.mitre.oval:def:16361
status accepted
submitted 2013-01-17T11:16:34
title Internet Explorer Use After Free Vulnerability - MS13-008
version 69
packetstorm via4
refmap via4
cert
  • TA13-008A
  • TA13-015A
cert-vn VU#154201
confirm
misc
ms MS13-008
saint via4
bid 57070
description Internet Explorer CButton Use After Free Vulnerability
id win_patch_ie_v8
osvdb 88774
title ie_cbutton_uaf
type client
the hacker news via4
Last major update 02-11-2013 - 23:27
Published 30-12-2012 - 13:55
Last modified 30-10-2018 - 12:27
Back to Top