Secunia SmallBusiness
Overview
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading

Secunia Advisory SA45690

Internet Explorer Two Vulnerabilities
Secunia Advisory SA45690
Secunia VIM 4.0 - Free Trial
Release Date 2012-07-10
Last Update 2012-07-18
   
Popularity 67,425 views
Comments 12 comments

Criticality level Highly criticalHighly critical
Impact System access
Where From remote
Authentication level This information is available to Secunia VIM customers
   
Report reliability This information is available to Secunia VIM customers
Solution Status Vendor Patch
   
Systems affected This information is available to Secunia VIM customers
Approve distribution This information is available to Secunia VIM customers
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
   
Software:
Microsoft Internet Explorer 9.x
Secunia CVSS Score This information is available to Secunia VIM Customers
CVE Reference(s) CVE-2012-1522 CVSS score available to Secunia VIM customers
CVE-2012-1524 CVSS score available to Secunia VIM customers
  

Description

Two vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

1) An error when calculating an offset based on uninitialised variables can be exploited to call into an arbitrary memory location.

2) An indexing error when removing a property from an HTML element can be exploited to remove a VARIANT from an array within uninitialised heap-based memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code via a specially crafted web page.


Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) Jose A. Vazquez via iDefense
2) Omair via iDefense

Changelog
Further details available to Secunia VIM customers

Original Advisory
MS12-044 (KB2719177):
http://technet.microsoft.com/en-us/security/bulletin/ms12-044

iDefense:
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=995
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=994

Deep Links
Links available to Secunia VIM customers


Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Internet Explorer Two Vulnerabilities
 
User Message
News4la RE: Internet Explorer Two Vulnerabilities
Member 11th Jul, 2012 00:41
Score: 0
Posts: 1
User Since: 11th Nov 2011
System Score: N/A
Location: US
Last edited on 11th Jul, 2012 00:41		 As of July 10 2012 update 2719177 has crashed my IE9. I had to delete it for my system to work again.
Was this reply relevant?
+0
-0
BruceARoberts RE: Internet Explorer Two Vulnerabilities
Member 11th Jul, 2012 18:13
Score: -24
Posts: 8
User Since: 3rd Jul 2012
System Score: 94%
Location: US
 What's the point of a post like this without any link to bulletin or patches?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Internet Explorer Two Vulnerabilities
Handling Contributor 11th Jul, 2012 18:33
Score: 10495
Posts: 8,057
User Since: 4th Jan 2009
System Score: 100%
Location: UK
 There is and always has been a link - look top left for this:

See the original Secunia advisory:
Internet Explorer Two Vulnerabilities



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+0
-0
BruceARoberts RE: Internet Explorer Two Vulnerabilities
Member 11th Jul, 2012 19:15
Score: -24
Posts: 8
User Since: 3rd Jul 2012
System Score: 94%
Location: US
 OK, thanks. But what a strange place for the link!
Was this reply relevant?
+0
-0

johnmethew

 RE: Internet Explorer Two Vulnerabilities
[+]
This reply has been deleted

johnmethew

 RE: Internet Explorer Two Vulnerabilities
[+]
This reply has been deleted

johnmethew

 RE: Internet Explorer Two Vulnerabilities
[+]
This reply has been deleted

johnmethew

 RE: Internet Explorer Two Vulnerabilities
[+]
This reply has been deleted
chlorophyll RE: Internet Explorer Two Vulnerabilities
Member 19th Jul, 2012 23:10
Score: 1
Posts: 8
User Since: 3rd Aug 2010
System Score: N/A
Location: N/A
(unknown source)
OK, thanks. But what a strange place for the link!


i agree, the link should be provided in the opening thread
Was this reply relevant?
+0
-0
7ronin RE: Internet Explorer Two Vulnerabilities
Member 25th Jul, 2012 21:21
Score: 0
Posts: 1
User Since: 25th Jul 2012
System Score: N/A
Location: US
Last edited on 25th Jul, 2012 21:21		 Didn't this patch come in SP1 to IE9? Or was it in the monthly Microsoft goodies? Either way, it's in my system. Suffered a crash yesterday, but I figured it was my leaving the laptop in the car. Toshiba Sat. 655D w/ AMD 1.3 APU ( Dual ) 4G RAM Win 7 SP1 IE9 SP1. F8 at boot, sys. repair option; Cmd exe. option; change directory to C; " to Windows then tree command; cd\..; dir c; tree command; exit cmd. exe. restart. then booted into Windows several times, using the reverse diagnostic booting suggestions. This is so each boot follows hierarchically as far as user profiles go. I have four!!! Makes it hard to shake my system, since I only go on Internet with Admin permissions when updating system, or using the Secunia OSI.

--
Berkeley Kid
Was this reply relevant?
+0
-0
Maurice Joyce RE: Internet Explorer Two Vulnerabilities
Handling Contributor 25th Jul, 2012 21:37
Score: 10495
Posts: 8,057
User Since: 4th Jan 2009
System Score: 100%
Location: UK
 If you click the link at the top

See the original Secunia advisory:
Internet Explorer Two Vulnerabilities

that is what it tells you - it is patched.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+1
-0

hishoe11

 RE: Internet Explorer Two Vulnerabilities
[+]
This reply has been deleted

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability