

Vulnerability protection

Internet Explorer Remote Code Execution Vulnerability


Report ID: MAPP-CVE20124792
Date Published: 2 January 2013
Date Revised: 2 January 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8




Summary

A vulnerability in Internet Explorer (IE) could, upon successful exploitation, allow a remote attacker to execute arbitrary code and take complete control of a compromised system.



Detailed Description

Microsoft has reported a remote code execution vulnerability in Internet Explorer (IE) that affects IE6, IE7 and IE8. The vulnerability exists when IE accesses a deleted or improperly allocated object in memory, causing a memory corruption condition that may allow code execution in the context of the current user. There have been reports of this vulnerability being used in targeted attacks via IE8.

To mitigate the impact of this vulnerability, users are advised to implement workarounds such as applying the relevant Microsoft Fix it solution or deploying the Enhanced Mitigation Experience Toolkit (EMET). Complete instructions are available in Microsoft Security Advisory 2794220.

F-Secure detects files that take advantage of this vulnerability as Exploit:W32/Heartbreaker.A starting in Hydra database version 2012-12-31_02, Trojan:W32/Agent.DUHX starting in Hydra database version 2012-12-31_01, and Trojan.Generic.KDV.819062 starting in Aquarius database version 2012-12-30_02. These database updates were released on 30 and 31 December 2012. Please allow F-Secure products to block installation of files that take advantage of this vulnerability.



CVE Reference

CVE-2012-4792



Detected Exploit

Detections
Exploit:W32/Heartbreaker.A
Trojan:W32/Agent.DUHX
Trojan.Generic.KDV.819062

Databases
Hydra database version 2012-12-31_02
Hydra database version 2012-12-31_01
Aquarius database version 2012-12-30_02

Release Dates
31 December 2012
30 December 2012



Solution

Workarounds
Microsoft recommends that users apply the following workarounds to mitigate the impact of the vulnerability until a patch is released:

  • Apply the Microsoft Fix it solution, "MSHTML Shim Workaround"
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
  • Set Internet security zone setting to "High"
  • Configure Internet Explorer to prompt before running Active Scripting, or disable Active Scripting

For complete instructions, please refer to Microsoft Security Advisory 2794220.
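
One way to audit the two settings-based workarounds (Internet zone set to "High", Active Scripting set to prompt or disabled) on a host, as an added example that is not part of this advisory or of Microsoft's instructions. The registry locations and value meanings are Microsoft's documented Internet Explorer security zone settings (zone 3 is the Internet zone, value 1400 is Active Scripting, CurrentLevel 0x12000 is the High template); the lookup order and the function names are assumptions of this example.

```powershell
# Added example: audit the Internet zone (zone 3) settings behind two of the
# workarounds. Lookup order (machine policy, user policy, user preference)
# is a simplifying assumption; function names are hypothetical.
$ZonePaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

function Get-ZoneValue {
    param([string]$Name)
    # Return the first location that defines the value, together with its source.
    foreach ($path in $ZonePaths) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return New-Object PSObject -Property @{ Source = $path; Value = [int]$item.$Name }
        }
    }
    return $null
}

function Test-IEZoneWorkaround {
    $level     = Get-ZoneValue -Name 'CurrentLevel'   # 0x12000 = High template
    $scripting = Get-ZoneValue -Name '1400'           # Active Scripting action

    # 1400: 0 = enabled, 1 = prompt, 3 = disabled
    $scriptState = 'not set'
    if ($null -ne $scripting) {
        switch ($scripting.Value) {
            0 { $scriptState = 'enabled' }
            1 { $scriptState = 'prompt' }
            3 { $scriptState = 'disabled' }
            default { $scriptState = "unknown ($($scripting.Value))" }
        }
    }

    # One object per host so results can be collected and compared.
    New-Object PSObject -Property @{
        ZoneIsHigh          = ($null -ne $level -and $level.Value -eq 0x12000)
        ActiveScripting     = $scriptState
        ScriptingRestricted = ($scriptState -eq 'prompt' -or $scriptState -eq 'disabled')
    }
}

Test-IEZoneWorkaround | Format-List
```

Run it as the user whose browser settings are being checked, since two of the three locations are per-user.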

 

Removal/Disinfection
Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.


