Test ID:	1.3.6.1.4.1.25623.1.0.803028
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS12-063.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-063. Vulnerability Insight: Multiple vulnerabilities exist due to the way that Internet Explorer accesses an object that has been deleted and causing multiple use-after-free errors when, - Handling onMove events, event listeners and the execCommand method. - Cloning nodes and layout handling. Vulnerability Impact: Successful exploitation could allow remote attackers to gain sensitive information or execute arbitrary code in the context of the current user. Affected Software/OS: Microsoft Internet Explorer version 6.x/7.x/8.x/9.x. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1529 BugTraq ID: 55641 http://www.securityfocus.com/bid/55641 Cert/CC Advisory: TA12-255A http://www.us-cert.gov/cas/techalerts/TA12-255A.html Microsoft Security Bulletin: MS12-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15852 http://www.securitytracker.com/id?1027555 XForce ISS Database: ms-ie-onmove-code-exec(78756) https://exchange.xforce.ibmcloud.com/vulnerabilities/78756 Common Vulnerability Exposure (CVE) ID: CVE-2012-2546 BugTraq ID: 55645 http://www.securityfocus.com/bid/55645 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15652 XForce ISS Database: ms-ie-eventlistener-code-exec(78757) https://exchange.xforce.ibmcloud.com/vulnerabilities/78757 Common Vulnerability Exposure (CVE) ID: CVE-2012-2548 BugTraq ID: 55646 http://www.securityfocus.com/bid/55646 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15449 Common Vulnerability Exposure (CVE) ID: CVE-2012-2557 BugTraq ID: 55647 http://www.securityfocus.com/bid/55647 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15745 Common Vulnerability Exposure (CVE) ID: CVE-2012-4969 Cert/CC Advisory: TA12-262A http://www.us-cert.gov/cas/techalerts/TA12-262A.html Cert/CC Advisory: TA12-265A http://www.us-cert.gov/cas/techalerts/TA12-265A.html CERT/CC vulnerability note: VU#480095 http://www.kb.cert.org/vuls/id/480095 http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/ http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/ http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15729 http://www.securitytracker.com/id?1027538
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.