CVE-2012-4969

Known exploited
Public exploit
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
Max CVSS
9.3
EPSS Score
84.02%
Published
2012-09-18
Updated
2017-11-21
CISA KEV Added
2022-06-08

CVE-2012-4792

Public exploit
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Max CVSS
9.3
EPSS Score
91.35%
Published
2012-12-30
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
92.40%
Published
2012-12-12
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
92.40%
Published
2012-12-12
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
92.40%
Published
2012-12-12
Updated
2018-10-12
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
67.18%
Published
2012-11-14
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
81.22%
Published
2012-09-21
Updated
2018-10-12
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
Max CVSS
7.2
EPSS Score
0.08%
Published
2012-11-14
Updated
2019-02-26
The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
Max CVSS
5.0
EPSS Score
53.26%
Published
2012-10-09
Updated
2020-09-28
Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability."
Max CVSS
9.3
EPSS Score
89.65%
Published
2012-10-09
Updated
2018-10-12
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
81.22%
Published
2012-09-21
Updated
2018-10-12
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
73.07%
Published
2012-09-21
Updated
2018-10-12

CVE-2012-2539

Known exploited
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
78.20%
Published
2012-12-12
Updated
2018-10-12
CISA KEV Added
2022-03-28
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
Max CVSS
7.2
EPSS Score
0.08%
Published
2012-11-14
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."
Max CVSS
9.3
EPSS Score
90.86%
Published
2012-10-09
Updated
2018-10-12
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
Max CVSS
7.2
EPSS Score
0.05%
Published
2012-08-15
Updated
2023-12-07
Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
67.77%
Published
2012-08-15
Updated
2018-10-12

CVE-2012-1889

Known exploited
Public exploit
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Max CVSS
9.3
EPSS Score
97.47%
Published
2012-06-13
Updated
2023-12-07
CISA KEV Added
2022-06-08
Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
93.22%
Published
2012-11-14
Updated
2018-10-12
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
94.48%
Published
2012-11-14
Updated
2018-10-12
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
Max CVSS
5.8
EPSS Score
0.72%
Published
2012-03-09
Updated
2021-07-23
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
67.18%
Published
2012-11-14
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
67.18%
Published
2012-11-14
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
73.07%
Published
2012-09-21
Updated
2018-10-12
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
88.77%
Published
2012-08-15
Updated
2018-10-12
39 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!