MS Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code Execution
Publish Date: 03 März 2014
Schweregrad:: Kritisch
CVE Kennungen:: CVE-2012-4969
Hinweisdatum: 17 September 2012
Beschreibung
A remote code execution vulnerability in Internet Explorer versions 6, 7, 8, and 9 is being used in some targeted attacks. Visiting a website or webpage where the exploit is hosted may automatically run the exploit. Trend Micro detects the exploit as HTML_EXPDROP.II.
Note that this vulnerability does not affect Internet Explorer 10. The following Windows Server Core Installations are also not affected:
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2012
Trend Micro Lösungen
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
1005194 | Microsoft Internet Explorer 'execCommand' Use-After-Free Vulnerability | 18-Sep-12 | YES |
Betroffene Software und Version:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9