Vulnerability Details : CVE-2012-4792
Public exploit exists!
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2012-4792
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 Professional Edition For X64
CVE-2012-4792 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Internet Explorer Use-After-Free Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.
Notes:
https://learn.microsoft.com/en-us/lifecycle/products/internet-explorer-11; https://nvd.nist.gov/vuln/detail/CVE-2012-4792
Added on
2024-07-23
Action due date
2024-08-13
Exploit prediction scoring system (EPSS) score for CVE-2012-4792
88.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2012-4792
-
MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
Disclosure Date: 2012-12-27First seen: 2020-04-26exploit/windows/browser/ie_cbutton_uafThis module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbit
CVSS scores for CVE-2012-4792
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-08-01 |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | 2024-08-14 |
CWE ids for CVE-2012-4792
-
Assigned by: nvd@nist.gov (Primary)
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2012-4792
-
http://www.kb.cert.org/vuls/id/154201
VU#154201 - Microsoft Internet Explorer CButton use-after-free vulnerabilityThird Party Advisory;US Government Resource
-
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb
metasploit-framework/ie_cbutton_uaf.rb at master · rapid7/metasploit-framework · GitHubThird Party Advisory
-
http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx
New vulnerability affecting Internet Explorer 8 users – Microsoft Security Response CenterBroken Link
-
http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html
FireEye Blog - Threat Research and Analysis | FireEyeBroken Link
-
http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx
Microsoft “Fix it” available for Internet Explorer 6, 7, and 8 – Microsoft Security Response CenterBroken Link
-
http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free ≈ Packet StormThird Party Advisory;VDB Entry
-
http://technet.microsoft.com/security/advisory/2794220
Microsoft Security Advisory 2794220 | Microsoft DocsPatch;Vendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA13-015A.html
Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792 | CISAThird Party Advisory;US Government Resource
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-008
Microsoft Security Bulletin MS13-008 - Critical | Microsoft DocsPatch;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16361
Repository / Oval RepositoryBroken Link
-
http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
Attack and IE 0day Informations Used Against Council on Foreign RelationsThird Party Advisory
-
http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/
403 ForbiddenBroken Link
-
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Microsoft Updates for Multiple Vulnerabilities | CISAThird Party Advisory;US Government Resource
Jump to