VULNERABILITIES / FIXES - December 31, 2012

by Carol~ Moderator - 12/31/12 3:48 PM

Microsoft Internet Explorer "CDwnBindInfo" Use-After-Free Vulnerability

Release Date : 2012-12-30

Criticality level : Extremely critical
Impact : System access
Where : From remote
Solution Status: Unpatched

Software: Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x

Description:
A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error when handling the "CDwnBindInfo" object and can be exploited to dereference an already freed object.

Successful exploitation allows execution of arbitrary code.

NOTE: This is currently being actively exploited in targeted attacks.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported as a 0-day.

Original Advisory:
http://technet.microsoft.com/en-us/security/advisory/2794220

http://secunia.com/advisories/51695/