Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiVUPEN Vulnerability Research Team http://www.vupen.comZDI-12-093
HistoryJun 12, 2012 - 12:00 a.m.

(Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability

2012-06-1200:00:00
VUPEN Vulnerability Research Team http://www.vupen.com
www.zerodayinitiative.com
65

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles dynamically changed colspans on a column in a table with the table-layout:fixed style. If the colspan is increased after initial creation it will result in a heap overflow. This can lead to remote code execution under the context of the current program.

Related

seebug 4
saint 4
securityvulns 3
exploitpack 4
prion 1
zdt 2
canvas 1
packetstorm 4
symantec 1
cve 2
checkpoint_advisories 1
exploitdb 5
threatpost 1
mskb 1
nessus 1
openvas 2
seebug
seebug
Internet Explorer 8 Fixed Col Span ID full ASLR & DEP bypass
2013-01-10 00:00:00
Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
2014-07-01 00:00:00
Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.0 Bypass (MS12-037)
2014-10-10 00:00:00
saint
saint
Internet Explorer COL SPAN Heap Overflow
2012-08-06 00:00:00
Internet Explorer COL SPAN Heap Overflow
2012-08-06 00:00:00
Internet Explorer COL SPAN Heap Overflow
2012-08-06 00:00:00
securityvulns
securityvulns
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876)
2012-06-25 00:00:00
ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability
2012-06-17 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2012-06-25 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)
2014-07-01 00:00:00
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.1 Bypass) (MS12-037)
2014-11-17 00:00:00
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP Bypass) (MS12-037)
2013-01-10 00:00:00
prion
prion
Heap overflow
2012-06-12 22:55:00
zdt
zdt
Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 4.1.X Bypass
2014-07-01 00:00:00
Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.1 Bypass (MS12-037)
2014-11-18 00:00:00
canvas
canvas
Immunity Canvas: MS12_037
2012-06-12 22:55:00
packetstorm
packetstorm
Internet Explorer 8 Fixed Col Span ID Full ASLR, DEP, And EMET 5.0 Bypass
2014-09-29 00:00:00
Internet Explorer 8 Bypass
2014-07-01 00:00:00
Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
2012-08-01 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2012-1876 Col Element Remote Code Execution Vulnerability
2012-06-12 00:00:00
cve
cve
CVE-2012-1876
2012-06-12 22:55:00
CVE-2012-1544
2012-03-09 11:55:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer Col Element Remote Code Execution (MS12-037; CVE-2012-1876)
2012-06-12 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)
2014-07-01 00:00:00
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.0 Bypass) (MS12-037)
2014-09-29 00:00:00
Microsoft Internet Explorer - Fixed Table Col Span Heap Overflow (MS12-037) (Metasploit)
2012-08-02 00:00:00
threatpost
threatpost
Cool Exploit Kit Includes Old Internet Explorer Exploit
2013-05-08 11:00:45
mskb
mskb
MS12-037: Cumulative Security Update for Internet Explorer: June 12, 2012
2012-06-12 00:00:00
nessus
nessus
MS12-037: Cumulative Security Update for Internet Explorer (2699988)
2012-06-13 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
2012-06-13 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
2012-06-13 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

JSON
Related for ZDI-12-093
seebug4saint4securityvulns3exploitpack4prion1zdt2canvas1packetstorm4symantec1cve2checkpoint_advisories1exploitdb5threatpost1mskb1nessus1openvas2