Attacker Value
Unknown
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Microsoft Internet Explorer execCommand Use-After-Free

Disclosure Date: September 18, 2012 Last updated February 13, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

Add Assessment

1
Technical Analysis

.text:7625B0F2
.text:7625B0F2 loc_7625B0F2: ; CODE XREF: _MemAllocClear(x)+25j
.text:7625B0F2 ; _MemAllocClear(x)+33j …
.text:7625B0F2 push [ebp+dwBytes] ; dwBytes
.text:7625B0F5 push 8 ; dwFlags
.text:7625B0F7 push _g_hProcessHeap ; hHeap
.text:7625B0FD call ds:impHeapAlloc@12 ; HeapAlloc(x,x,x)
.text:7625B103
.text:7625B103 loc_7625B103: ; CODE XREF: _MemAllocClear(x)+71j
.text:7625B103 pop edi
.text:7625B104 pop ebx
.text:7625B105 leave
.text:7625B106 retn 4
.text:7625B106 __MemAllocClear@4 endp
.text:7625B106
”`

General Information

Additional Info

Technical Analysis