Lucene search

[email protected]CVE-2012-0012

HistoryFeb 14, 2012 - 10:55 p.m.

CVE-2012-0012

2012-02-1422:55:00

CWE-665

[email protected]

web.nvd.nist.gov

122

microsoft

internet explorer 9

cve-2012-0012

null byte

information disclosure

nvd

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.959 High

EPSS

Percentile

99.4%

JSON

Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka “Null Byte Information Disclosure Vulnerability.”

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq9

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	9

References

www.us-cert.gov/cas/techalerts/TA12-045A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14870

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.959 High

EPSS

Percentile

99.4%

JSON

Related for CVE-2012-0012

prion1 checkpoint_advisories3 mskb1 openvas2 nessus1 securityvulns1