Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2012-4792
HistoryDec 30, 2012 - 6:55 p.m.

Design/Logic Flaw

2012-12-3018:55:00
PRIOn knowledge base
www.prio-n.com
3

8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.909 High

EPSS

Percentile

98.8%

JSON

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

References

Related

seebug 1
saint 4
packetstorm 2
symantec 1
metasploit 1
threatpost 6
zdt 1
openvas 2
cve 1
cert 1
nessus 2
checkpoint_advisories 1
securityvulns 1
exploitdb 1
thn 4
seebug
seebug
Microsoft Internet Explorer 6/7/8 mshtml!CDwnBindInfoε―Ήθ±‘ι‡Šζ”ΎεŽι‡η”¨δ»£η ζ‰§θ‘ŒζΌζ΄ž
2012-12-31 00:00:00
saint
saint
Internet Explorer CButton Use After Free Vulnerability
2013-01-04 00:00:00
Internet Explorer CButton Use After Free Vulnerability
2013-01-04 00:00:00
Internet Explorer CButton Use After Free Vulnerability
2013-01-04 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer CButton Object Use-After-Free
2013-01-02 00:00:00
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
2012-12-31 00:00:00
symantec
symantec
Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability
2012-12-30 00:00:00
metasploit
metasploit
MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
2012-12-31 06:29:19
threatpost
threatpost
Out-of-Band IE Patch Released as More Sites Attacked
2013-01-14 20:29:58
Watering Hole Attack Hits US Department of Labor Website
2013-05-01 16:30:58
IE 8 Zero Day Widens Scope of DoL Watering Hole Attack
2013-05-06 11:14:47
zdt
zdt
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
2012-12-31 00:00:00
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (2794220)
2013-01-02 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (2794220)
2013-01-02 00:00:00
cve
cve
CVE-2012-4792
2012-12-30 18:55:00
cert
cert
Microsoft Internet Explorer CButton use-after-free vulnerability
2012-12-29 00:00:00
nessus
nessus
MS KB2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)
2013-01-02 00:00:00
MS13-008: Security Update for Internet Explorer (2799329)
2013-01-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer Heap Spray Memory Corruption (CVE-2012-4792)
2012-12-30 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer use-after-free vulnerabilities
2013-01-16 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - CButton Object Use-After-Free (Metasploit)
2013-01-02 00:00:00
thn
thn
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 01:23:00
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 12:23:00
ASLR bypass techniques are popular with APT attacks
2013-10-16 15:42:00

8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.909 High

EPSS

Percentile

98.8%

JSON
Related for PRION:CVE-2012-4792
seebug1saint4packetstorm2symantec1metasploit1threatpost6zdt1openvas2cve1cert1nessus2checkpoint_advisories1securityvulns1exploitdb1thn4