CVE-2012-4792
Published: 30 December 2012
Summary
CVE-2012-4792 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is a use-after-free condition, identified as CWE-416, affecting Microsoft Internet Explorer 6 through 8. It occurs when the browser accesses an object such as CDwnBindInfo that was either not properly allocated or has already been deleted, enabling memory corruption during the handling of web page content.
Remote attackers can exploit the flaw by serving a specially crafted website that triggers the use-after-free condition. Successful exploitation grants the ability to execute arbitrary code in the context of the current user, with the attack requiring only that the victim visit the malicious page in an affected version of Internet Explorer.
Microsoft published guidance and a “Fix-it” package for Internet Explorer 6, 7, and 8 through its Security Research and Defense blog. Multiple incident reports documented active exploitation in December 2012 watering-hole campaigns, including the compromise of the Council on Foreign Relations site.
The issue carried a CVSS 3.1 score of 8.8 and was confirmed in public analyses from FireEye, AlienVault Labs, and independent researchers as having been used in targeted, in-the-wild attacks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2012-4717
Vulnerability details
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
- CWE(s)
- KEV Date Added: 23 July 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of patches or workarounds for the IE use-after-free flaw that Microsoft published in December 2012.
Enforces memory-protection mechanisms that block exploitation of use-after-free conditions such as the CDwnBindInfo object reuse in IE.
Restricts or monitors mobile code (scripts, ActiveX) delivered by crafted web pages that trigger the IE vulnerability.