Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-12-199
HistoryDec 21, 2012 - 12:00 a.m.

Microsoft Internet Explorer execCommand Remote Code Execution Vulnerability

2012-12-2100:00:00
Anonymous
www.zerodayinitiative.com
27

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.84 High

EPSS

Percentile

98.4%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CCommand::Exec function. It is possible to free certain objects in a callback function called from the CCommand::Exec function. Upon return from this function a local variable is being re-used without check. This can lead to a use-after-free issue that can result in remote code execution under the context of the current process.

Related

saint 4
nessus 2
canvas 1
threatpost 6
prion 1
cert 1
cisa 1
thn 7
cve 1
checkpoint_advisories 1
attackerkb 3
cisa_kev 1
mskb 1
openvas 2
securityvulns 1
saint
saint
Internet Explorer CMshtmlEd execCommand Use After Free
2012-09-19 00:00:00
Internet Explorer CMshtmlEd execCommand Use After Free
2012-09-19 00:00:00
Internet Explorer CMshtmlEd execCommand Use After Free
2012-09-19 00:00:00
nessus
nessus
MS KB2757760: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)
2012-09-19 00:00:00
MS12-063: Cumulative Security Update for Internet Explorer (2744842)
2012-09-21 00:00:00
canvas
canvas
Immunity Canvas: IE_EXECCOMMAND
2012-09-18 10:39:00
threatpost
threatpost
Another IE Exploit Targeting Defense Industry Discovered
2012-09-24 17:27:15
Microsoft Releases Out-Of-Band IE Zero-Day Patch
2012-09-21 17:38:20
Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack
2013-01-02 21:41:29
prion
prion
Design/Logic Flaw
2012-09-18 10:39:00
cert
cert
Microsoft Internet Explorer 6/7/8/9 contain a use-after-free vulnerability
2012-09-17 00:00:00
cisa
cisa
Microsoft Releases Security Advisory for Internet Explorer
2012-09-19 00:00:00
thn
thn
Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969
2012-09-19 20:08:00
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 12:23:00
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 01:23:00
cve
cve
CVE-2012-4969
2012-09-18 10:39:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer execCommand Use-After-Free (CVE-2012-4969)
2012-09-19 00:00:00
attackerkb
attackerkb
CVE-2012-4969
2012-09-18 00:00:00
Microsoft Internet Explorer execCommand Use-After-Free
2012-09-18 00:00:00
Microsoft Internet Explorer SetMouseCapture Use-After-Free
2020-10-14 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Use-After-Free Vulnerability
2022-06-08 00:00:00
mskb
mskb
MS12-063: Cumulative Security Update for Internet Explorer: September 21, 2012
2012-09-21 00:00:00
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
2012-09-18 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
2012-09-18 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer memory corruption
2012-10-25 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.84 High

EPSS

Percentile

98.4%

JSON
Related for ZDI-12-199
saint4nessus2canvas1threatpost6prion1cert1cisa1thn7cve1checkpoint_advisories1attackerkb3cisa_kev1mskb1openvas2securityvulns1