Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2012-4792
HistoryJul 23, 2024 - 12:00 a.m.

Microsoft Internet Explorer Use-After-Free Vulnerability

2024-07-2300:00:00
CISA
www.cisa.gov
29
microsoft internet explorer
use-after-free
remote attacker
arbitrary code
crafted web site
cdwnbindinfo object
security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.946

Percentile

99.3%

JSON

Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.

Related

saint 4
vulnrichment 1
seebug 2
packetstorm 2
cvelist 1
symantec 1
metasploit 1
attackerkb 1
nvd 1
checkpoint_advisories 1
securityvulns 1
nessus 2
threatpost 6
exploitdb 2
prion 1
openvas 2
cert 1
zdt 1
cve 1
thn 5
saint
saint
Internet Explorer CButton Use After Free Vulnerability
2013-01-04 00:00:00
Internet Explorer CButton Use After Free Vulnerability
2013-01-04 00:00:00
Internet Explorer CButton Use After Free Vulnerability
2013-01-04 00:00:00
vulnrichment
vulnrichment
CVE-2012-4792
2012-12-30 18:00:00
seebug
seebug
Microsoft Internet Explorer 6/7/8 mshtml!CDwnBindInfoε―Ήθ±‘ι‡Šζ”ΎεŽι‡η”¨δ»£η ζ‰§θ‘ŒζΌζ΄ž
2012-12-31 00:00:00
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
2012-12-31 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer CButton Object Use-After-Free
2013-01-02 00:00:00
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
2012-12-31 00:00:00
cvelist
cvelist
CVE-2012-4792
2012-12-30 18:00:00
symantec
symantec
Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability
2012-12-30 00:00:00
metasploit
metasploit
MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
2012-12-31 06:29:19
attackerkb
attackerkb
CVE-2012-4792
2012-12-30 00:00:00
nvd
nvd
CVE-2012-4792
2012-12-30 18:55:01
checkpoint_advisories
checkpoint_advisories
Internet Explorer Heap Spray Memory Corruption (CVE-2012-4792)
2012-12-30 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer use-after-free vulnerabilities
2013-01-16 00:00:00
nessus
nessus
MS13-008: Security Update for Internet Explorer (2799329)
2013-01-14 00:00:00
MS KB2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)
2013-01-02 00:00:00
threatpost
threatpost
Watering Hole Attack Hits US Department of Labor Website
2013-05-01 16:30:58
Out-of-Band IE Patch Released as More Sites Attacked
2013-01-14 20:29:58
IE 8 Zero Day Widens Scope of DoL Watering Hole Attack
2013-05-06 11:14:47
exploitdb
exploitdb
Microsoft Internet Explorer - CDwnBindInfo Object Use-After-Free (Metasploit)
2012-12-31 00:00:00
Microsoft Internet Explorer - CButton Object Use-After-Free (Metasploit)
2013-01-02 00:00:00
prion
prion
Design/Logic Flaw
2012-12-30 18:55:00
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (2794220)
2013-01-02 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (2794220)
2013-01-02 00:00:00
cert
cert
Microsoft Internet Explorer CButton use-after-free vulnerability
2012-12-29 00:00:00
zdt
zdt
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
2012-12-31 00:00:00
cve
cve
CVE-2012-4792
2012-12-30 18:55:01
thn
thn
CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
2024-07-24 05:56:00
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 01:23:00
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 12:23:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.946

Percentile

99.3%

JSON
Related for CISA-KEV-CVE-2012-4792
saint4vulnrichment1seebug2packetstorm2cvelist1symantec1metasploit1attackerkb1nvd1checkpoint_advisories1securityvulns1nessus2threatpost6exploitdb2prion1openvas2cert1zdt1cve1thn5