Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Internet Explorer Vulnerability


Report ID: MAPP-MS201209003
Date Published: 20 September 2012
Date Revised: 24 September 2012

Criticality:
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9




Summary

A vulnerability in Internet Explorer (IE) could, upon successful exploitation, allow a remote attacker to execute arbitrary code and take complete control of a compromised system.



Detailed Description

Microsoft has released an advisory following the discovery of a vulnerability in Internet Explorer (IE). The vulnerability exists when IE attempts to access a deleted or improperly allocated object, which results in memory corruption. An attacker could take advantage of this condition to gain similar rights as the logged-on user, and possibly take complete control of a compromised system.

To mitigate the impact of this vulnerability, users are advised to implement some workarounds such as applying the relevant Microsoft Fix it solution, or deploying the Enhanced Mitigation Experience Toolkit (EMET). Complete instruction is available from Microsoft Security Advisory 2757760.

F-Secure detects the files taking advantage of this vulnerability as JS:Exploit.JS.Agent.AQ starting in Aquarius database version 2012-09-17_04, and as JS:Exploit.JS.Agent.AR starting in Aquarius database version 2012-09-17_05. Both versions were released on 17 September 2012. Please allow F-Secure products to block the installation of these malicious files, and to remove or disinfect the malicious files if found in the system.



CVE Reference

CVE-2012-4969



Detected Exploit

Generic Detections
JS:Exploit.JS.Agent.AQ
JS:Exploit.JS.Agent.AR

Database Versions
Aquarius database version 2012-09-17_04 at 20:41:06 UTC
Aquarius database version 2012-09-17_04 at 22:43:21 UTC

Release Date
17 September 2012

Detected Exploit Components
Exploit:W32/Defeater.B
Exploit:W32/Defeater.C
Exploit:W32/Defeater.D
Exploit:W32/SWFdloader.R
Exploit:W32/SWFdloader.S
Exploit:W32/SWFdloader.T
Exploit:W32/SWFdloader.U
Trojan.Dropper.UIU



Solution

Workarounds
Microsoft recommends users to apply the following workarounds to mitigate the impact of the vulnerability until a patch is released:

  • Apply the Microsoft Fix it solution, "Prevent Memory Corruption via ExecCommand in Internet Explorer"
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
  • Set Internet security zone setting to "High"
  • Configure Internet Explorer to prompt before running Active Scripting, or disable Active Scripting 

For complete instructions, please refer to Microsoft Security Advisory 2757760

 

Removal/Disinfection
Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.



Additional Info

UPDATE:
The patch for this vulnerability has been released on 21 September 2012, as addressed in Internet Explorer cumulative security update.

 




Online Virus Scanner

 
Run a quick online virus scan of your computer.

 

Submit a sample

Wondering if a file or URL is malicious?

Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)