CVE-2012-1876
CVE-2012-1876
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
Affected products
n/a · n/apublic PoCs found — 7
githubgithub.com/WizardVan/CVE-2012-1876★ 0githubgithub.com/ExploitCN/CVE-2012-1876-win7_x86_and_win7x64★ 0exploitdbwww.exploit-db.com/exploits/33944unverifiedexploitdbwww.exploit-db.com/exploits/35273unverifiedexploitdbwww.exploit-db.com/exploits/24017unverifiedexploitdbwww.exploit-db.com/exploits/34815unverifiedexploitdbwww.exploit-db.com/exploits/20174unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.arshttp://pwn2own.zerodayinitiative.com/status.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15539http://twitter.com/vupen/statuses/177895844828291073http://www.us-cert.gov/cas/techalerts/TA12-164A.htmlhttp://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621