cve/2012/CVE-2012-4792.md

CVE-2012-4792

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

POC

Reference

• http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html
• http://www.kb.cert.org/vuls/id/154201

Github

• https://github.com/LyleMi/dom-vuln-db
• https://github.com/WizardVan/CVE-2012-4792
• https://github.com/dyjakan/exploit-development-case-studies