Info

Disclosure

Sep 21, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Sep 21, 2012

Description

A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to sanitize user-supplied input related to 'OnMove', resulting in memory corruption. With a specially crafted webpage, a context-dependent attacker can execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Microsoft Corporation	Internet Explorer	8
		9

References

Security Tracker: 1027555
CVE ID: 2012-1529 (see also: NVD)
Microsoft Knowledge Base Article: 2744842
Bugtraq ID: 55641
ISS X-Force ID: 78756
Related OSVDB ID: 85572 85573 85574
Microsoft Security Bulletin: MS12-063
CERT: TA12-255A [ Link is 404 ]

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85571

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit