1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: MSIE Use After Free CVE-2012-4792 4

Web Attack: MSIE Use After Free CVE-2012-4792 4

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in Microsoft Internet Explorer.

Additional Information

Microsoft Internet Explorer is a Web browser available for Microsoft Windows.

Internet Explorer is prone to a remote code-execution vulnerability due to a use-after-free condition when handing the 'CDwnBindInfo' object. Specifically, the issue occurs because the application accesses an object in memory that has not been properly allocated or has been deleted.

Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

Microsoft Internet Explorer versions 6, 7, and 8 are affected.

Affected

  • Microsoft Internet Explorer versions 6, 7, and 8 are affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube