CVE-2012-4792

Confirmed PUBLISHED

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site...

Microsoft · Internet Explorer
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.8 High

At a Glance

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

nessus_scanner cisa metasploit
CVE Published
Dec 30, 2012
Exploitation Reported
Jul 23, 2024
CVSS
8.8 High
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
microsoft
ie

6.0 to <= 8.0

Affected
n/a
n/a

n/a

Affected

CVE References

  • MS13-008 docs.microsoft.com · Vendor Advisory https://docs.microsoft.com/en-us/security-updates/securitybulletins/2...
  • TA13-008A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA13-008A.html
  • VU#154201 kb.cert.org · Third-Party Advisory http://www.kb.cert.org/vuls/id/154201
  • TA13-015A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA13-015A.html
  • oval:org.mitre.oval:def:16361 oval.cisecurity.org · VDB Entry https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m...
Show 8 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.