Vulnerability Details : CVE-2012-1876
Public exploit exists!
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-1876
Probability of exploitation activity in the next 30 days: 96.93%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2012-1876
-
MS12-037 Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
Disclosure Date: 2012-06-12First seen: 2020-04-26exploit/windows/browser/ms12_037_ie_colspanThis module exploits a heap overflow vulnerability in Internet Explorer caused by an incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by javascript code. Authors: - Alexandre Pelletier - mr_me <stev
CVSS scores for CVE-2012-1876
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-1876
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1876
-
http://twitter.com/vupen/statuses/177895844828291073
Twitter / ?
-
http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621
Pwn2Own 2012: IE 9 hacked with two 0day vulnerabilities | ZDNet
-
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
http://pwn2own.zerodayinitiative.com/status.html
Home | Zero Day Initiative
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037
Microsoft Security Bulletin MS12-037 - Critical | Microsoft Docs
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15539
Repository / Oval Repository
-
http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars
IE 9, on most secure Windows yet, next browser to fall at hacker contest | Ars Technica
Products affected by CVE-2012-1876
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*