HTTP: Microsoft Internet Explorer Use-After-Free Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Extended Description
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
References
BugTraq: 57070
CVE: CVE-2012-4792
URL: http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ http://technet.microsoft.com/en-us/security/advisory/2794220 http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx http://blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/ https://community.rapid7.com/community/metasploit/blog/2012/12/29/microsoft-internet-explorer-0-day-marks-the-end-of-2012
Short Name
HTTP:STC:IE:UAF-RCE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2012-4792 Code Execution Explorer Internet Microsoft Use-After-Free bid:57070
Release Date
01/01/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
CVSS Score
9.3