CVE-2012-4787 : Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remo

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."

Published 2012-12-12 00:55:01

Updated 2025-04-11 00:51:22

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2012-4787

Microsoft » Internet Explorer » Version: 9
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 7 » X64 Edition
When used together with: Microsoft » Windows 7 » X86 Edition
When used together with: Microsoft » Windows 7 » Update SP1 X64 Edition
When used together with: Microsoft » Windows 7 » Update SP1 X86 Edition
When used together with: Microsoft » Windows Server 2008 » Update R2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X86 Edition
When used together with: Microsoft » Windows Vista » Update SP2
Microsoft » Internet Explorer » Version: 10
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 8 » Version: N/A X64 Edition
When used together with: Microsoft » Windows 8 » Version: N/A X86 Edition
When used together with: Microsoft » Windows Rt » Version: N/A
When used together with: Microsoft » Windows Server 2012 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2012-4787

EPSS FAQ

36.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-4787

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.0	CRITICAL	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	2.2	6.0	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-10-17
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2012-4787

CWE-399

Assigned by: nvd@nist.gov (Primary)
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2012-4787

http://www.us-cert.gov/cas/techalerts/TA12-346A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16211

Repository / Oval Repository
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-077

Microsoft Security Bulletin MS12-077 - Critical | Microsoft Docs

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-4787

Products affected by CVE-2012-4787

Exploit prediction scoring system (EPSS) score for CVE-2012-4787

CVSS scores for CVE-2012-4787

CWE ids for CVE-2012-4787

References for CVE-2012-4787