|
|||
Rule General Information |
---|
Release Date: | 2019-07-16 | |
Rule Name: | Microsoft Internet Explorer execCommand Use After Free Vulnerability (CVE-2012-4969) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. | |
Impact: | A use-after-free vulnerability can be exploited by an attacker in the vulnerable product. Successful exploit may cause some adverse consequences, such as crash of the product, execution of arbitrary code. | |
Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
Reference: | http://technet.microsoft.com/security/advisory/2757760 SecurityTrackerID:1027538 http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/ http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.microsoft.com/ie/ |