Vulnerability Details : CVE-2012-4969
Public exploit exists!
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
Vulnerability category: Memory CorruptionExecute code
CVE-2012-4969 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Internet Explorer Use-After-Free Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
Added on
2022-06-08
Action due date
2022-06-22
Exploit prediction scoring system (EPSS) score for CVE-2012-4969
Probability of exploitation activity in the next 30 days: 84.02%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2012-4969
-
MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability
Disclosure Date: 2012-09-14First seen: 2020-04-26exploit/windows/browser/ie_execcommand_uafThis module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-aft
CVSS scores for CVE-2012-4969
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2012-4969
-
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb
Broken Link
-
http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/
Broken Link
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15729
Repository / Oval RepositoryThird Party Advisory
-
http://www.us-cert.gov/cas/techalerts/TA12-255A.html
Microsoft Updates for Multiple Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
http://technet.microsoft.com/security/advisory/2757760
Microsoft Security Advisory 2757760 | Microsoft DocsPatch;Vendor Advisory
-
http://www.securitytracker.com/id?1027538
Microsoft Internet Explorer execCommand Flaw Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.kb.cert.org/vuls/id/480095
VU#480095 - Microsoft Internet Explorer 6/7/8/9 contain a use-after-free vulnerabilityThird Party Advisory;US Government Resource
-
http://www.us-cert.gov/cas/techalerts/TA12-265A.html
Microsoft Releases Patch for Internet Explorer Exploit | CISAThird Party Advisory;US Government Resource
-
http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/
Zero-Day Season Is Really Not Over YetThird Party Advisory
-
http://www.us-cert.gov/cas/techalerts/TA12-262A.html
Microsoft Security Advisory for Internet Explorer Exploit | CISAThird Party Advisory;US Government Resource
-
http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild
New Internet Explorer Zero-Day Being Exploited in the Wild | SecurityWeek.ComThird Party Advisory
Products affected by CVE-2012-4969
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*