CVE-2012-1877

Loading...

General

Score:9.3/10.0
Severity:High
Category:Input Validation Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2012-1523, CVE-2012-1858, CVE-2012-1872, CVE-2012-1873, CVE-2012-1874, CVE-2012-1875, CVE-2012-1876, CVE-2012-1878, CVE-2012-1879, CVE-2012-1880, CVE-2012-1881, CVE-2012-1882

Published on 13/06/12 - Updated on 19/09/17

Description

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."

Category: Input Validation Error

CWE-94 (Code Injection)
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Security Notices

US National Vulnerability DatabaseCVE-2012-1877
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2012-AVI-321
Microsoft MS12-037

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
microsoftie

Share this vulnerability with:

Twitter Facebook LinkedIn Mail