PROBLEM:
Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code
PLATFORM:
Version(s): 6, 7, 8
ABSTRACT:
A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.
REFERENCE LINKS:
SecurityTracker Alert ID: 1027930
Secunia Advisory SA51695
CVE-2012-4792
IMPACT ASSESSMENT:
High
DISCUSSION:
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Microsoft Internet Explorer 9 and Internet Explorer 10 are not affected.
This vulnerability is being actively exploited against Internet Explorer 8.
IMPACT:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
SOLUTION:
No solution was available at the time of this entry.