Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Internet Explorer cumulative security update


Report ID: MS201209004
Date Published: 24 September 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9




Summary

A cumulative security update for Internet Explorer has been released to address five vulnerabilities in Internet Explorer, including the 0-day vulnerability reported on 20 September 2012.



Detailed Description

Microsoft has issued a security update to address five reported vulnerabilities in Internet Explorer (IE), including one 0-day vulnerability reported in this report, Internet Explorer vulnerability. Each of the vulnerabilities was caused by memory corruption that resulted from accessing a deleted or an improperly initialized object in memory. An attacker could take advantage of the condition to execute arbitrary code and take control of the affected system.

These issues have been addressed through the latest security update for IE, which introduces modification in the way that objects in memory are handled. Users are recommended to install the latest update as a protection measure against potential exploit attempts.



CVE Reference

CVE-2012-1529, CVE-2012-2546, CVE-2012-2548, CVE-2012-2557, CVE-2012-4969



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-063)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.