Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiStephen Fewer of Harmony Security (www.harmonysecurity.com)ZDI-12-036
HistoryFeb 22, 2012 - 12:00 a.m.

Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability

2012-02-2200:00:00
Stephen Fewer of Harmony Security (www.harmonysecurity.com)
www.zerodayinitiative.com
8

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When appending a VML element to a textArea element a reference to a cDispScroller object can be improperly freed. The object is can be reused, and due to this object being freed, a later allocation can be located in this memory region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

Related

cve 1
checkpoint_advisories 2
securityvulns 2
symantec 1
prion 1
seebug 1
mskb 1
openvas 2
nessus 1
ibm 1
cve
cve
CVE-2012-0155
2012-02-14 22:55:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer VML Remote Code Execution - Ver2 (CVE-2012-0155)
2014-03-31 00:00:00
Internet Explorer VML Remote Code Execution (MS12-010; CVE-2012-0155)
2012-02-14 00:00:00
securityvulns
securityvulns
ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability
2012-03-10 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2012-03-10 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2012-0155 VML Handling Remote Code Execution Vulnerability
2012-02-14 00:00:00
prion
prion
Remote code execution
2012-02-14 22:55:00
seebug
seebug
Microsoft Internet Explorer 9 VML处理远程代码执行漏洞(MS12-010)
2012-02-16 00:00:00
mskb
mskb
MS12-010: Cumulative Security Update for Internet Explorer: February 14, 2012
2020-05-21 04:51:25
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
2012-02-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
2012-02-15 00:00:00
nessus
nessus
MS12-010: Cumulative Security Update for Internet Explorer (2647516)
2012-02-14 00:00:00
ibm
ibm
Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)
2021-01-25 20:13:51

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON
Related for ZDI-12-036
cve1checkpoint_advisories2securityvulns2symantec1prion1seebug1mskb1openvas2nessus1ibm1