Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-071.

Impact

Successful exploitation will allow remote attackers to gain sensitive information or execute arbitrary code in the context of the current user. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-071

Insight

Multiple use-after-free errors within the 'CFormElement', 'CTreePos' and 'CTreeNode' class and can be exploited to dereference already freed memory.

Affected

Microsoft Internet Explorer version 9.x

References

http://secunia.com/advisories/51202/
http://support.microsoft.com/kb/2761451
http://technet.microsoft.com/en-us/security/bulletin/ms12-071

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1538, CVE-2012-1539, CVE-2012-4775

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
Cumulative Patch for Internet Information Services (Q327696)
Microsoft DirectAccess Security Advisory (2862152)
Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)

Take action and discover your vulnerabilities