Executive Summary

Informations
Name TA13-015A First vendor Publication 2013-01-15
Vendor US-CERT Last vendor Modification 2013-01-15
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has released Security Bulletin MS13-008 to address the CButton use-after-free vulnerability (CVE-2012-4792).

Description

Microsoft Internet Explorer versions 6, 7, and 8 are susceptible to a use-after-free vulnerability. This vulnerability is being actively exploited in the wild. Microsoft has released Security Bulletin MS13-008 to address this vulnerability.

Additional information is available in Vulnerability Note VU#154201.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

US-CERT recommends that Internet Explorer users run Windows Update as soon as possible to apply the MS13-008 update.

Revision History

January 15, 2013: Initial release

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA13-015A Feedback VU#154201" in the subject.
____________________________________________________________________

Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy:
http://www.us-cert.gov/privacy/

This document can also be found at http://www.us-cert.gov/cas/techalerts/TA13-015A.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUPVwH3dnhE8Qi3ZhAQKgnggAm+9MpixsXsGekcDWpXvtDwU+39cZDXC0
+VG5lvmQMOxGCQk7308azrSsDcmFjQkWvbX/szqEWizku+FWhaFEFJ/PA03nIaTF GCDiQMpXDF9bvb80/bi7mbrC4tmak6P6lNsN8cJ/3dwidgbGN6Uq+CJ0Efo27BR5
nnczBzkVS2FR0z9H9h/Fo9IwRwL5fHyMe3dnW5sbD7sAkGDZDFXMGJrdxyOB7kCd OwnhkM6DBtDp849feRu1aR3rHuJ63u8xzRQ6CDWV7x+OeqHhiiqH4lmAUB4ceUIn VluUeBL2jRcpUKSvAUYdjCdkS/gSpAfkpki498kDofU5akLAzOCKKQ==
=WM9o
-----END PGP SIGNATURE-----

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA13-015A.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16361
 
Oval ID: oval:org.mitre.oval:def:16361
Title: Internet Explorer Use After Free Vulnerability - MS13-008
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Family: windows Class: vulnerability
Reference(s): CVE-2012-4792
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

SAINT Exploits

Description Link
Internet Explorer CButton Use After Free Vulnerability More info here

ExploitDB Exploits

id Description
2013-01-02 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability

Snort® IPS/IDS

Date Description
2016-04-28 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 38364 - Revision : 2 - Type : BROWSER-IE
2016-04-28 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 38363 - Revision : 1 - Type : BROWSER-IE
2014-01-10 Gong Da exploit kit possible jar download
RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit Java exploit requested
RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit Java exploit requested
RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit plugin detection
RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit landing page
RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da Jar file download
RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit JNLP request
RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific structure
RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit successful redirection - jnlp bypass
RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java payload detection
RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Sakura exploit kit redirection structure
RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit pdf payload detection
RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit java payload detection
RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page - specific structure
RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit jar file redirection
RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar download
RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit MyApplet class retrieval
RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection structure
RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit redirection page received
RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit former location - has been removed
RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Java exploit download
RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25235 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25234 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25134 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25133 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25132 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25131 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25130 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25129 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25128 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25127 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25126 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25125 - Revision : 4 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2013-01-14 Name : The remote host is affected by a code execution vulnerability.
File : smb_nt_ms13-008.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-01-16 00:19:35
  • First insertion