Date: 02 January 2013
References: ESB-2013.0076
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0001
Vulnerability in Internet Explorer Could Allow Remote Code Execution
2 January 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Internet Explorer
Publisher: Microsoft
Operating System: Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Mitigation
CVE Names: CVE-2012-4792
Reference: http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx
Original Bulletin:
http://technet.microsoft.com/en-us/security/advisory/2794220
- --------------------------BEGIN INCLUDED TEXT--------------------
Microsoft Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: Saturday, December 29, 2012 | Updated: Monday, December 31, 2012
Version: 1.1
General Information
Executive Summary
Microsoft is investigating public reports of a vulnerability in Internet
Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9
and Internet Explorer 10 are not affected by the vulnerability. Microsoft is
aware of targeted attacks that attempt to exploit this vulnerability through
Internet Explorer 8. Applying the Microsoft Fix it solution, "MSHTML Shim
Workaround," prevents the exploitation of this issue. See the Suggested
Actions section of this advisory for more information.
The vulnerability is a remote code execution vulnerability that exists in the
way that Internet Explorer accesses an object in memory that has been deleted
or has not been properly allocated. The vulnerability may corrupt memory in a
way that could allow an attacker to execute arbitrary code in the context of
the current user within Internet Explorer. An attacker could host a specially
crafted website that is designed to exploit this vulnerability through
Internet Explorer and then convince a user to view the website.
Advisory Details
Issue References
For more information about this issue, see the following references:
CVE Reference CVE-2012-4792
Microsoft Knowledge Base Article 2794220
Affected Software
Operating System Component
Windows XP Service Pack 3 Internet Explorer 6
Windows XP Professional x64 Edition Service Pack 2 Internet Explorer 6
Windows Server 2003 Service Pack 2 Internet Explorer 6
Windows Server 2003 x64 Edition Service Pack 2 Internet Explorer 6
Windows Server 2003 with SP2 for Itanium-based Systems Internet Explorer 6
Windows XP Service Pack 3 Internet Explorer 7
Windows XP Professional x64 Edition Service Pack 2 Internet Explorer 7
Windows Server 2003 Service Pack 2 Internet Explorer 7
Windows Server 2003 x64 Edition Service Pack 2 Internet Explorer 7
Windows Server 2003 with SP2 for Itanium-based Systems Internet Explorer 7
Windows Vista Service Pack 2 Internet Explorer 7
Windows Vista x64 Edition Service Pack 2 Internet Explorer 7
Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 7
Windows Server 2008 for x64-based Systems SP 2 Internet Explorer 7
Windows Server 2008 for Itanium-based Systems SP 2 Internet Explorer 7
Windows XP Service Pack 3 Internet Explorer 8
Windows XP Professional x64 Edition Service Pack 2 Internet Explorer 8
Windows Server 2003 Service Pack 2 Internet Explorer 8
Windows Server 2003 x64 Edition Service Pack 2 Internet Explorer 8
Windows Vista Service Pack 2 Internet Explorer 8
Windows Vista x64 Edition Service Pack 2 Internet Explorer 8
Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 8
Windows Server 2008 for x64-based Systems SP 2 Internet Explorer 8
Windows 7 for 32-bit Systems Internet Explorer 8
Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 8
Windows 7 for x64-based Systems Internet Explorer 8
Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 8
Windows Server 2008 R2 for x64-based Systems Internet Explorer 8
Windows Server 2008 R2 for x64-based Systems SP 1 Internet Explorer 8
Windows Server 2008 R2 for Itanium-based Systems Internet Explorer 8
Windows Server 2008 R2 for Itanium-based Systems SP 1 Internet Explorer 8
Suggested Actions
Workarounds
Apply the Microsoft Fix it solution, "MSHTML Shim Workaround", that prevents
exploitation of this issue. For further details refer to:
http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUOOJNO4yVqjM2NGpAQKexg/+O0RKUJ/nN0958nEEqQhXn5axtQa1Jw8i
hoMIfrBP5cCdfMp00lXF4XgXguwAwEeI33hLD35fYp5pBzZUZnvFLl9mUlrJjw3O
LiU6MRt3Rxn2ad9cBeyCpI5MkxTBGt2sBoeqfWX4vuuEw2whJie8K2+dyYX+tE4P
zRlCPJNFEFGNp1Q5Y2fgsfrAiUjAdNZpL7j7bms/eOQmOxkakZPfMfVFGnsvpkTb
GMJOFYw78D9ly9cGZv21SKKYly2jTaDKkTev61PP6K8dutL2pYwPU8JlLiPavL4C
+EDRw4XYTlQP3iFK90m+5ijq5il4qbhl89hxJWMnQAe9CG6jv2VR1obp0if8En5W
/ie9lud84TkH13ew+VvZoy/ZDux5Y+K2+XnTPjU80ZSA147qfrMFA2eG0muS8y4R
26TIa3NssPQpa/ZCLfSWlvsvKL6mqgB1IG0AhyM5BIZ79ZvfXu55OUKCJAVkjMSw
f4KZs4bxFsvWEqbbwXJUGmQKI/i0e/lHRpc1/UhmQOpKDmXlmQ508GrsL+Z32EfC
phmHqvu5n50ewgPQYydKXZTdA36ux04mxwh42AgS0mCWHRnumbEc0k+uAGNhz5R2
DPaSSLfYnQu4Bzd9sONeVKi7kz7kHj0MnHDuJQ/4mybdXUnIpgqtnlmF0G4pK0ra
XOb+EUZE6JY=
=IFLx
-----END PGP SIGNATURE-----
|