Hillstone Networks

RULE（RULE ID：310222）

Rule General Information


Release Date:		2018-12-04

Rule Name:		Microsoft Internet Explorer applyElement Use After Free Vulnerability(CVE-2012-4792)

Severity:

CVE ID:

Rule Protection Details


Description:		Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

Impact:		A use-after-free vulnerability can be exploited by an attacker in the vulnerable product. Successful exploit may cause some adverse consequences, such as crash of the product, execution of arbitrary code.

Affected OS:		Windows

Reference:		http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/ http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html http://technet.microsoft.com/security/advisory/2794220 http://www.kb.cert.org/vuls/id/154201 http://www.us-cert.gov/cas/techalerts/TA13-008A.html http://www.us-cert.gov/cas/techalerts/TA13-015A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-008 https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16361

Solutions

Microsoft has released a patch MS13-008 to eliminate the vulnerability. The patch can be downloaded at:
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-008