Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-071.

Impact

Successful exploitation will allow remote attackers to gain sensitive information or execute arbitrary code in the context of the current user. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-071

Insight

Multiple use-after-free errors within the 'CFormElement', 'CTreePos' and 'CTreeNode' class and can be exploited to dereference already freed memory.

Affected

Microsoft Internet Explorer version 9.x

References

http://secunia.com/advisories/51202/
http://support.microsoft.com/kb/2761451
http://technet.microsoft.com/en-us/security/bulletin/ms12-071

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1538, CVE-2012-1539, CVE-2012-4775
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (969897)
Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)
Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)

Take action and discover your vulnerabilities