Описание
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Ссылки
- Broken Link
- Broken Link
- Broken Link
- Third Party Advisory
- Broken Link
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Third Party Advisory
- Broken Link
- Broken Link
- Broken Link
- Broken Link
- Third Party Advisory
- Broken Link
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
Одновременно
Одно из
Одновременно
Одно из
EPSS
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Уязвимость функции CDwnBindInfo библиотеки mshtml.dll браузера Internet Explorer, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3
9.3 Critical
CVSS2