
Microsoft Internet Explorer Multiple Vulnerabilities


Secunia ID

SA50626

CVE-ID

CVE-2012-1529, CVE-2012-2546, CVE-2012-2548, CVE-2012-2557, CVE-2012-4969

Release Date

17 Sep 2012

Last Change

25 Mar 2013

Criticality

Extremely Critical

Solution Status

Vendor Patch

Software

Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x

Where

From remote

Impact

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

Five vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

1) A use-after-free error when handling onMove events can be exploited to dereference already freed memory.

2) A use-after-free error when handling event listeners can be exploited to dereference already freed memory.

3) A use-after-free error when handling CTreeNode objects can be exploited to dereference already freed memory.

4) A use-after-free error when cloning nodes can be exploited to dereference already freed memory.

5) A use-after-free error when handling the execCommand method can be exploited to dereference already freed memory.

NOTE: This vulnerability is currently being actively exploited.

Successful exploitation of the vulnerabilities allows execution of arbitrary code via e.g. a specially crafted web page.

Solution

Apply patches.

-- Internet Explorer 6 --

Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyID=967c9ef3-db48-4c2f-9a67-87851fd54962

Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=020b36c6-7050-4458-8762-bae35eb713cd

Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7aaaa15b-87d8-4afc-b183-8ce5becda026

Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=366feacb-16ad-455c-b2ad-5038f998c432

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c28d6dc3-c2f0-4505-a545-85b7a0e3e2dc

-- Internet Explorer 7 --

Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyID=6ba78d4c-3657-4963-b2da-7a3763c6b5c9

Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=1e2e412a-be97-407e-9f02-fc074db3bb07

Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=aef34ce4-a6ce-4f5e-9892-0a7fbd90c3b4

Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=baa47c53-2724-43ef-8590-d3733b47e75b

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=86c28695-86a5-4c17-82d6-7f98b3162aa6

Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=053546fc-ed41-43c2-b4f2-b76334314f5c

Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=cbe5681b-c28e-4a6a-9b97-0bfe44acf077

Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=df861b42-bcf2-4f7a-9019-f49e6725f5dc

Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=fa9878c0-b7e5-43ac-b1eb-679e62cf62fc

Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ded887a4-a06d-4447-b19d-19d0f4928523

-- Internet Explorer 8 --

Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=ac71ffe3-f077-4753-a238-47a2e9623363

Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=c727d956-be3e-4cd2-913c-f26cb6c33227

Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=d63e25ad-ab8c-425f-89cd-29cd2b7b69d6

Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=84144e56-f653-4c92-bf49-d44d9ba10489

Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=0a5a446d-0a48-4eec-b424-87339b34a3be

Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=5642136e-68f6-42e8-b48e-1549733c6e7d

Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=1d4f0f25-9539-4c38-babb-4af7f0f4c6cf

Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=10bab7d4-0dd8-4fa7-b26c-715a68553707

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=93591461-39ff-4cbd-8df3-88cb80ed6255

Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=93591461-39ff-4cbd-8df3-88cb80ed6255

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=e2083388-19a9-4754-9449-1dad2a7f7543

Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=e2083388-19a9-4754-9449-1dad2a7f7543

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=d46ec8ea-b8c8-42d9-a201-f36eb97b91b8

Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=d46ec8ea-b8c8-42d9-a201-f36eb97b91b8

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=c132173b-f869-47ec-bb70-6307081473fe

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=c132173b-f869-47ec-bb70-6307081473fe

-- Internet Explorer 9 --

Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=daba1ef1-62db-43db-9d5b-495aa2d3550f

Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=aae496ef-fca2-4632-9a8f-2108722d2b28

Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=0b2965d7-e0b2-4035-a9e4-f6badb389098

Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=612a94ef-0950-41e8-9875-a8f0e71eba6f

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=b303f86a-df17-4961-b677-0c38bd6a86d3

Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=b303f86a-df17-4961-b677-0c38bd6a86d3

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=01045ee2-c7c4-4078-969f-905fd7e8774f

Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=01045ee2-c7c4-4078-969f-905fd7e8774f

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=c44a0253-fefc-4ce6-9cfd-396fdea71f8d

Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=c44a0253-fefc-4ce6-9cfd-396fdea71f8d

Reported by

1) The vendor credits an anonymous person via iDefense VCP.
2) The vendor credits Rosario Valotta.
3) Stephen Fewer, Harmony Security via ZDI.
4) An anonymous person via ZDI.
5) Reported as a 0-day. Independently reported by an anonymous person via ZDI.

Original Advisory

MS12-063 (KB2744842):
http://technet.microsoft.com/en-us/security/bulletin/ms12-063

Microsoft:
http://technet.microsoft.com/en-us/security/advisory/2757760

Zataz.com:
http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-198/
http://www.zerodayinitiative.com/advisories/ZDI-12-199/
http://www.zerodayinitiative.com/advisories/ZDI-12-200/
http://www.zerodayinitiative.com/advisories/ZDI-13-007/