You are here

V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code

December 31, 2012 - 6:58am

Addthis

PROBLEM:

Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code

PLATFORM:

Version(s): 6, 7, 8

ABSTRACT:

A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.

REFERENCE LINKS:

SecurityTracker Alert ID:  1027930
Secunia Advisory SA51695
CVE-2012-4792

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Microsoft Internet Explorer 9 and Internet Explorer 10 are not affected.

This vulnerability is being actively exploited against Internet Explorer 8.

IMPACT:

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

No solution was available at the time of this entry.
 

Addthis