Vulnerability Details : CVE-2012-1545
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
Vulnerability category: OverflowMemory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-1545
Probability of exploitation activity in the next 30 days: 0.72%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-1545
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
8.6
|
4.9
|
NIST |
CWE ids for CVE-2012-1545
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1545
-
http://twitter.com/vupen/statuses/177895844828291073
Twitter / ?
-
http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621
Pwn2Own 2012: IE 9 hacked with two 0day vulnerabilities | ZDNet
-
http://pwn2own.zerodayinitiative.com/status.html
Home | Zero Day Initiative
-
http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars
IE 9, on most secure Windows yet, next browser to fall at hacker contest | Ars Technica
Products affected by CVE-2012-1545
- cpe:2.3:a:microsoft:ie:10:consumer_preview:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*