VULNERABILITIES / FIXES - December 31, 2012

by Carol~ Moderator - 12/31/12 3:48 PM

Microsoft Internet Explorer "CDwnBindInfo" Use-After-Free Vulnerability

Release Date : 2012-12-30

Criticality level : Extremely critical
Impact : System access
Where : From remote
Solution Status: Unpatched

Software : Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x

A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error when handling the "CDwnBindInfo" object and can be exploited to dereference an already freed object.

Successful exploitation allows execution of arbitrary code.

NOTE: This is currently being actively exploited in targeted attacks.

No official solution is currently available.

Provided and/or discovered by:
Reported as a 0-day.

Original Advisory: