Lucene search

[email protected]CVE-2012-4782

HistoryDec 12, 2012 - 12:55 a.m.

CVE-2012-4782

2012-12-1200:55:01

CWE-399

[email protected]

web.nvd.nist.gov

cve

microsoft

internet explorer

vulnerability

remote attackers

arbitrary code

web site

cmarkup

use after free

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.924 High

EPSS

Percentile

99.0%

JSON

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka “CMarkup Use After Free Vulnerability.”

Affected configurations

NVD

Node

microsoftinternet_explorerMatch9

AND

microsoftwindows_7x64

microsoftwindows_7x86

microsoftwindows_7sp1x64

microsoftwindows_7sp1x86

microsoftwindows_server_2008r2x64

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008sp2x86

microsoftwindows_vistasp2

Node

microsoftinternet_explorerMatch10

AND

microsoftwindows_8Match--x64

microsoftwindows_8Match--x86

microsoftwindows_rtMatch-

microsoftwindows_server_2012Match-

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq9

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	9

References

www.us-cert.gov/cas/techalerts/TA12-346A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-077

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16066

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.924 High

EPSS

Percentile

99.0%

JSON

Related for CVE-2012-4782

nvd1 cvelist1 prion1 openvas2 nessus1 securityvulns1 mskb1