Microsoft Internet Explorer “CDwnBindInfo” Use-After-Free Vulnerability
A vulnerability has been identified in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a use-after-free error when handling the “CDwnBindInfo” object and can be exploited to dereference an already freed object.
Note:
Exploit in the wild has been detected for CVE-2012-4792.
[Updated on 2024-07-24]
Updated Description and Related Links.
RISK: Extremely High Risk
TYPE: Clients – Browsers
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Internet Explorer 6.x
- Microsoft Internet Explorer 7.x
- Microsoft Internet Explorer 8.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- [UPDATED 15 Jan 2013] Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/ms13-008
Vulnerability Identifier
Source
Related Link
- https://www.cisa.gov/news-events/alerts/2024/07/23/cisa-adds-two-known-exploited-vulnerabilities-catalog
- http://technet.microsoft.com/en-us/security/advisory/2794220
- http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx
- http://www.kb.cert.org/vuls/id/154201
- http://secunia.com/advisories/51695
- http://securitytracker.com/id/1027930
- http://technet.microsoft.com/en-us/security/bulletin/ms13-008
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
