Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (2722913) |
Informations | |||
---|---|---|---|
Name | MS12-052 | First vendor Publication | 2012-08-14 |
Vendor | Microsoft | Last vendor Modification | 2013-07-17 |
Severity (Vendor) | Critical | Revision | 1.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.2 (July 17, 2013): Added a link to Microsoft Knowledge Base Article 2722913 under Known Issues in the Executive Summary. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-052 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15240 | |||
Oval ID: | oval:org.mitre.oval:def:15240 | ||
Title: | Layout memory corruption vulnerability - MS12-052 | ||
Description: | Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1526 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15498 | |||
Oval ID: | oval:org.mitre.oval:def:15498 | ||
Title: | Virtual function table corruption remote code execution vulnerability - MS12-052 | ||
Description: | Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2522 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15742 | |||
Oval ID: | oval:org.mitre.oval:def:15742 | ||
Title: | Asynchronous null object access remote code execution vulnerability - MS12-052 | ||
Description: | Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2521 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15790 | |||
Oval ID: | oval:org.mitre.oval:def:15790 | ||
Title: | JavaScript Integer Overflow Remote Code Execution Vulnerability - MS12-052 and MS12-056 | ||
Description: | Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2523 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 JScript 5.8 VBScript 5.8 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2722913) File : nvt/secpod_ms12-052.nasl |
2012-08-15 | Name : Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2... File : nvt/secpod_ms12-056.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-08-16 | IAVM : 2012-A-0130 - Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0033654 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Microsoft Internet Explorer negative margin use after free attempt RuleID : 31296 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer virtual function table corruption attempt RuleID : 27221 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer virtual function table corruption attempt RuleID : 27220 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer sign extension vulnerability exploitation attempt RuleID : 25079 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer sign extension vulnerability exploitation attempt RuleID : 25078 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer sign extension vulnerability exploitation attempt RuleID : 23841 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer sign extension vulnerability exploitation attempt RuleID : 23840 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer negative margin use after free attempt RuleID : 23836 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer asynchronous code execution attempt RuleID : 23835 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer asynchronous code execution attempt RuleID : 23834 - Revision : 10 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-08-15 | Name : The remote host is affected by code execution vulnerabilities. File : smb_nt_ms12-052.nasl - Type : ACT_GATHER_INFO |
2012-08-15 | Name : Arbitrary code can be executed on the remote host through the installed JScri... File : smb_nt_ms12-056.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-11-16 21:25:24 |
|
2014-02-17 11:47:24 |
|
2014-01-19 21:30:51 |
|
2013-07-18 05:15:50 |
|
2013-01-30 13:27:00 |
|