Internet Explorer CButton Use After Free Vulnerability

2013-01-0400:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.897 High

EPSS

Percentile

98.5%

JSON

Added: 01/04/2013
CVE: CVE-2012-4792
BID: 57070
OSVDB: 88774

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

All references to DOM button objects are not properly removed when a DOM buttom object is deleted. If the stale references are used, an attempt to access unallocated memory may occur. This results in a use-after-free vulnerability.

Resolution

Apply the appropriate update referenced in Microsoft Security Bulletin MS13-008.

References

<http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx>
<https://threatpost.com/en_us/blogs/council-foreign-relations-website-hit-watering-hole-attack-ie-zero-day-exploit-122912>
<http://technet.microsoft.com/en-us/security/advisory/2794220>

Limitations

This exploit has been tested against Microsoft Internet Explorer 8 running on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).