Vulnerability Description
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 9 |
| Microsoft | Windows 7 | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows 8 | - |
| Microsoft | Windows Rt | - |
| Microsoft | Windows Server 2012 | - |
Related Weaknesses (CWE)
References
- http://www.us-cert.gov/cas/techalerts/TA12-346A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.us-cert.gov/cas/techalerts/TA12-346A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2012-4787?
CVE-2012-4787 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properl...
How severe is CVE-2012-4787?
CVE-2012-4787 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2012-4787?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows 8.