BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Internet Explorer execCommand Use-After-Free

Disclosed September 17, 2012    Fully Patched

Vulnerability Description:

A vulnerability within Internet Explorer can create a use-after-free, that may be exploited to gain arbitrary remote code execution within the context of the currently logged-on user.  Internet Explorer, when rendering an HTML page, improperly frees a CMshtmlEd object; however, during execution of the CMshtml::Exec() function, the already freed object is called again, creating a use-after-free scenario. This may be exploited by a heap spray, which allows an attacker to position a malicious payload for execution.

Vendors:

Microsoft

Vulnerable Software/Devices:

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution
Remote Code Execution Exploitation of this vulnerability is possible through the use of methods like drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged on user.

BeyondTrust Prevention and Detection:

Blink Endpoint Protection mitigates this attack.

Retina Audit:

  • 17089 – Microsoft Internet Explorer CMshtmlEd::Exec() Code Execution (Zero-Day)

Mitigation:

Do not use Internet Explorer 6, 7, 8, or 9. Leverage EMET 3.0, which is available from Microsoft. Use the Fix it solution provided by Microsoft.

Links:

CVE(s):

None

Leave a Reply