Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Internet Explorer cumulative security update


Report ID: MS201202003
Date Published: 15 February 2012

Criticality: Critical
Compromise Type: information-disclosure remote-code-execution
Compromise From: remote


Affected Product/Component:

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9




Summary

A cumulative security update for Internet Explorer addresses four reported vulnerabilities, two of which could lead to remote code execution while the other two could lead to information disclosure.



Detailed Description

Microsoft has released a security update for Internet Explorer (IE) to address four vulnerabilities, two of which could lead to remote code execution while the other two could lead to information disclosure.

The two remote code execution vulnerabilities (CVE-2012-0011 and CVE-2012-0155) were caused by a memory corruption that resulted when IE tries to access a deleted object. Upon successful exploit, an attacker could execute code in the context of a logged-on user.

The third vulnerability (CVE-2012-0010) was caused by insufficient data validation during a copy and paste operation. An attacker could exploit this vulnerability to view content from another domain. And the fourth one (CVE-2012-0012), an information disclosure vulnerability could allow an attacker to view content from the IE process memory.

These issues have been resolved in the latest update by making several modifications in IE. Users are recommended to install this update as a protection against potential exploit.



CVE Reference

CVE-2012-0010
CVE-2012-0011
CVE-2012-0012
CVE-2012-0155



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-010)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.