OSVDB ID: 85573

Title: Microsoft IE CTreeNode Object ISpanQualifier Instance Type Confusion Use-after-free Memory Corruption

Info

Disclosure

Sep 21, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Sep 21, 2012

Description

Microsoft Internet Explorer contains a flaw that is triggered as user-supplied input is not properly sanitized when handling CTreeNode objects. This will result in a type confusion between a CTreeNode object and an ISpanQualifier instance, which will cause a use-after-free error that will corrupt memory. This may allow a remote attacker to cause a loss of availability for the system or potentially allow the attacker to execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Microsoft Corporation

Internet Explorer

References

Security Tracker: 1027555
CVE ID: 2012-2548 (see also: NVD)
Microsoft Knowledge Base Article: 2744842
Bugtraq ID: 55646
Related OSVDB ID: 85571 85572 85574
Packet Storm: http://packetstormsecurity.org/files/119031/Zero-Day-Initiative-Advisory-12-200.html
Mail List Post: http://seclists.org/fulldisclosure/2012/Dec/215
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-12-200
http://www.zerodayinitiative.com/advisories/ZDI-13-007/
Microsoft Security Bulletin: MS12-063
CERT: TA12-255A [ Link is 404 ]

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85573