(MS13-008) Security Update for Internet Explorer (2799329)

Publish date: February 28, 2013

Severity: CRITICAL

CVE Identifier: CVE-2012-4792

Advisory Date: JAN 15, 2013

DESCRIPTION

This patch addresses a vulnerability on Internet Explorer. Once successfully exploited, it could allow remote code execution once users view a specially crafted website thus compromising the security of the infected systems.

Note that this vulnerability does not affect Internet Explorer versions 9 and 10 respectively. The following Windows Server Core Installations are also not affected:

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 (Server Core installation)

TREND MICRO PROTECTION INFORMATION

MS Bulletin ID	Vulnerability ID	DPI Rule Number	DPI Rule Name	Release Date	IDF Compatibility
MS13-008	CVE-2012-4792	1005297	Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability	31-Dec-12	YES
		1005301	Identified Suspicious JavaScript Encoded Window Location Object	31-Dec-12	YES
	CVE-2012-4792	1005298	Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability	31-Dec-12	YES

SOLUTION

PATCH: http://technet.microsoft.com/en-us/security/bulletin/ms13-008

AFFECTED SOFTWARE AND VERSION

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8

Related Blog Entries

Related Vulnerability

MS Advisory (2794220) Vulnerability in Internet Explorer Could Allow Remote Code Execution

Featured Stories

$One Flaw too Many: Vulnerabilities in SCADA Systems$
One Flaw too Many: Vulnerabilities in SCADA Systems
What is the current state of SCADA vulnerabilities? Staying informed is essential in the fight against exploits and cyberattacks with real-world consequences.
Read more
$Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry$
Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry
We break down the digital attacks against the oil and gas industry and its supply chain.
Read more
$halloween exploits vulnerabilities bluekeep chrome zero days$
Halloween Exploits Scare: BlueKeep, Chrome’s Zero-Days in the Wild
Patch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was initially reported seen in the wild to install a malicious Monero miner.
Read more
$PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web Servers$
PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web Servers
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.
Read more