Description
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Published: 2012-12-30
Score: 8.8 High
EPSS: 91.4% High
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Oct 2025 01:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Mon, 28 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft ie
CPEs cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
Vendors & Products Microsoft ie
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.88883}

 epss

{'score': 0.88915}

Wed, 14 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-399
CPEs cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*		 cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

Tue, 06 Aug 2024 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
Vendors & Products Microsoft ie
Metrics kev

{'dateAdded': '2024-07-23'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Microsoft Ie Internet Explorer Windows 7 Windows Server 2003 Windows Server 2008 Windows Vista Windows Xp
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2025-10-22T00:05:45.500Z

Reserved: 2012-09-06T00:00:00.000Z

Link: CVE-2012-4792

cve-icon Vulnrichment

Updated: 2024-08-06T20:50:16.917Z

cve-icon NVD

Status : Modified

Published: 2012-12-30T18:55:01.477

Modified: 2026-04-21T15:20:44.547

Link: CVE-2012-4792

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses