VULNERABILITIES / FIXES - December 31, 2012
by Carol~ - 12/31/12 3:48 PM
Microsoft Internet Explorer "CDwnBindInfo" Use-After-Free Vulnerability
Release Date : 2012-12-30
Criticality level : Extremely critical
Impact : System access
Where : From remote
Solution Status: Unpatched
Software: : Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a use-after-free error when handling the "CDwnBindInfo" object and can be exploited to dereference an already freed object.
Successful exploitation allows execution of arbitrary code.
NOTE: This is currently being actively exploited in targeted attacks.
No official solution is currently available.
Provided and/or discovered by:
Reported as a 0-day.