Vulnerability Note VU#480095
Microsoft Internet Explorer 6/7/8/9 contain a use-after-free vulnerability
Microsoft Internet Explorer versions 6, 7, 8, and 9 are susceptible to a use-after-free vulnerability (CWE-416) that may result in remote code execution.
Microsoft Internet Explorer 6/7/8/9 contains a use-after-free vulnerability in the CMshtmlEd::Exec() function. An attacker may leverage this vulnerability to execute arbitrary code. This vulnerability is being actively exploited in the wild and a Metasploit module is publicly available.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code.
Apply an Update
Run Windows Update to apply the patch for this vulnerability. MS12-063 contains patches for this and other vulnerabilities as well.
Apply a Microsoft Fix It utility
Use a different web browser
Until Microsoft has released a patch for this vulnerability, consider using a different web browser for viewing untrusted web sites.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | - | 17 Sep 2012 |
This vulnerability was discovered in the wild.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-4969
- Date Public: 17 Sep 2012
- Date First Published: 17 Sep 2012
- Date Last Updated: 21 Sep 2012
- Document Revision: 31