SAINT CorporationSAINT:D9A07373E169F8C48267AC930C4D49ABInternet Explorer CMshtmlEd execCommand Use After Free
0.848 High
EPSS
Percentile
98.2%
Added: 09/19/2012
CVE: CVE-2012-4969
BID: 55562
OSVDB: 85532
Background
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Problem
Internet Explorer does not properly clean up references to objects passed to the execCommand Javascript method. If execCommand is called by an object’s event handler and the execCommand parameter modifies the DOM such that the parent object is modified, the parent is freed and reallocated, but references to the parent are not redirected. This can cause a use-after-free condition, which may be exploitable when combined with a heap spray.
Resolution
Apply the patch detailed in Microsoft Security Bulletin MS12-063.
Alternatively, installing the Microsoft Exploit Mitigation Experience Toolkit prevents this vulnerability from being exploited, and also improves overall security of your Windows system. To install and configure Microsoft Exploit Mitigation Experience Toolkit, following the instructions in Microsoft Security Advisory 2757760.
References
<http://technet.microsoft.com/en-us/security/bulletin/ms12-063>
<http://technet.microsoft.com/en-us/security/advisory/2757760>
<http://www.microsoft.com/en-us/download/details.aspx?id=29851>
<http://nakedsecurity.sophos.com/2012/09/18/microsoft-advisory-internet-explorer-zero-day-affects-most-windows-versions/>
<http://threatpost.com/en_us/blogs/latest-ie-zero-day-flaw-tied-nitro-hackers-and-recent-java-zero-day-exploits-091712>
Limitations
This exploit has been tested against Microsoft Internet Explorer 8 and 9 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Platforms
Windows
Related
