PT-2012-1236 · Microsoft · Internet Explorer

🗓️ 18 Sep 2012 00:00:00Reported by Positive TechnologiesType

Use-after-free in the mshtml Exec function allows remote code execution via a crafted site in Internet Explorer.

Reporter	Title	Published	Views	Family All 42
0day.today	MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability	9 Oct 201200:00	–	zdt
ATTACKERKB	Microsoft Internet Explorer execCommand Use-After-Free	18 Sep 201200:00	–	attackerkb
ATTACKERKB	Microsoft Internet Explorer SetMouseCapture Use-After-Free	9 Oct 201300:00	–	attackerkb
ATTACKERKB	CVE-2012-4969	18 Sep 201200:00	–	attackerkb
Circl	CVE-2012-4969	10 Oct 201200:00	–	circl
CISA KEV Catalog	Microsoft Internet Explorer Use-After-Free Vulnerability	8 Jun 202200:00	–	cisa_kev
CISA	Microsoft Releases Security Advisory for Internet Explorer	19 Sep 201200:00	–	cisa
Check Point Advisories	Internet Explorer execCommand Use-After-Free (CVE-2012-4969)	19 Sep 201200:00	–	checkpoint_advisories
CVE	CVE-2012-4969	18 Sep 201210:00	–	cve
Cvelist	CVE-2012-4969	18 Sep 201210:00	–	cvelist

Source	Link
github	www.github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_execcommand_uaf.rb
exploit-db	www.exploit-db.com/exploits/21840
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-4969
technet	www.technet.microsoft.com/security/advisory/2757760
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-12-199
bdu	www.bdu.fstec.ru/vul/2022-03966
kb	www.kb.cert.org/vuls/id/480095
oval	www.oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15729
technet	www.technet.microsoft.com/en-us/security/bulletin/ms12-063

03 Apr 2025 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 29.3 - 10

CVSS 3.18.1

EPSS0.91777