CVE-2012-4781

2012-12-1200:55:01

CWE-94

microsoft

web.nvd.nist.gov

cve-2012-4781

use-after-free vulnerability

microsoft internet explorer

remote code execution

injecthtmlstream use after free vulnerability

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.887

Percentile

98.8%

JSON

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka “InjectHTMLStream Use After Free Vulnerability.”

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch7

microsoftinternet_explorerMatch8

microsoftinternet_explorerMatch9

microsoftinternet_explorerMatch10

VendorProductVersionCPE
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoftinternet_explorer8cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
microsoftinternet_explorer9cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
microsoftinternet_explorer10cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
microsoft	internet_explorer	7	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
microsoft	internet_explorer	8	cpe:2.3:a:microsoft:internet_explorer:8:::::::*
microsoft	internet_explorer	9	cpe:2.3:a:microsoft:internet_explorer:9:::::::*
microsoft	internet_explorer	10	cpe:2.3:a:microsoft:internet_explorer:10:::::::*