Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-071.

Impact

Successful exploitation will allow remote attackers to gain sensitive information or execute arbitrary code in the context of the current user. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-071

Insight

Multiple use-after-free errors within the 'CFormElement', 'CTreePos' and 'CTreeNode' class and can be exploited to dereference already freed memory.

Affected

Microsoft Internet Explorer version 9.x

References

http://secunia.com/advisories/51202/
http://support.microsoft.com/kb/2761451
http://technet.microsoft.com/en-us/security/bulletin/ms12-071

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1538, CVE-2012-1539, CVE-2012-4775

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (939653)
Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
IE 5.01 5.5 6.0 Cumulative patch (890923)
Checks for MS HOTFIX for snmp buffer overruns
Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)

Take action and discover your vulnerabilities