ESB-2012.0534 - ALERT [Win] Internet Explorer: Multiple vulnerabilities

Date: 13 June 2012
References: ESB-2012.0540  ESB-2012.0662  


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0534
        Cumulative Security Update for Internet Explorer (2699988)
                               13 June 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Internet Explorer
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-1882 CVE-2012-1881 CVE-2012-1880
                   CVE-2012-1879 CVE-2012-1878 CVE-2012-1877
                   CVE-2012-1876 CVE-2012-1875 CVE-2012-1874
                   CVE-2012-1873 CVE-2012-1872 CVE-2012-1858
                   CVE-2012-1523  

Original Bulletin: 
   http://technet.microsoft.com/en-us/security/bulletin/ms12-037

Comment: At least one vulnerability referenced in this bulletin is being 
         actively exploited.

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS12-037 - Critical

Cumulative Security Update for Internet Explorer (2699988)

Published Date: June 12, 2012 | Updated Date: Unspecified

Version: 1.0

General Information

Executive Summary

This security update resolves one publicly disclosed and twelve
privately reported vulnerabilities in Internet Explorer. The most
severe vulnerabilities could allow remote code execution if a user
views a specially crafted webpage using Internet Explorer. An
attacker who successfully exploited any of these vulnerabilities
could gain the same user rights as the current user. Users whose
accounts are configured to have fewer user rights on the system
could be less impacted than users who operate with administrative
user rights.

This security update is rated Critical for Internet Explorer 6,
Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9
on Windows clients and Moderate for Internet Explorer 6, Internet
Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows
servers.

The update addresses the vulnerabilities by modifying the way that
Internet Explorer handles objects in memory, HTML sanitization using
toStaticHTML, the way that Internet Explorer renders data during
certain processes, and the way that Internet Explorer creates and
initializes strings.

Affected Software

Internet Explorer 6 
Internet Explorer 7 
Internet Explorer 8 
Internet Explorer 9 

Vulnerability Information

Center Element Remote Code Execution Vulnerability - CVE-2012-1523

A remote code execution vulnerability exists in the way that Internet
Explorer accesses an object that has been deleted. The vulnerability
may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1523.

HTML Sanitization Vulnerability - CVE-2012-1858

An information disclosure vulnerability exists in the way that
Internet Explorer handles content using specific strings when
sanitizing HTML. An attacker could exploit the vulnerability by
constructing a specially crafted Web page that could allow information
disclosure if a user viewed the Web page. An attacker who successfully
exploited this vulnerability could inflict cross-site scripting on
the user, allowing the attacker to execute script in the user's
security context against a site that is using the toStaticHTML
method.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1858.

EUC-JP Character Encoding Vulnerability - CVE-2012-1872

An information disclosure vulnerability exists in Internet Explorer
that could allow script to perform Cross-Site Scripting attacks.
An attacker could exploit the vulnerability by inserting specially
crafted strings into a website, resulting in information disclosure
when a user viewed the website.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1872.

Null Byte Information Disclosure Vulnerability - CVE-2012-1873

An information disclosure vulnerability exists in Internet Explorer
that could allow an attacker to gain access and read Internet
Explorer's process memory. An attacker could exploit the vulnerability
by constructing a specially crafted webpage that could allow
information disclosure if a user viewed the webpage. An attacker
who successfully exploited this vulnerability could view content
from Internet Explorer's process memory.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1873.


Developer Toolbar Remote Code Execution Vulnerability - CVE-2012-1874

A remote code execution vulnerability exists in the way that Internet
Explorer accesses an object that has been deleted. The vulnerability
may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1874.

Same ID Property Remote Code Execution Vulnerability - CVE-2012-1875

A remote code execution vulnerability exists in the way that Internet
Explorer accesses an object that has been deleted. The vulnerability
may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1875.

Col Element Remote Code Execution Vulnerability - CVE-2012-1876

A remote code execution vulnerability exists in the way that Internet
Explorer accesses an object that does not exist. The vulnerability
may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1876.

Title Element Change Remote Code Execution Vulnerability - CVE-2012-1877

A remote code execution vulnerability exists in the way that Internet
Explorer accesses an object that has been deleted. The vulnerability
may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1877.


OnBeforeDeactivate Event Remote Code Execution Vulnerability - CVE-2012-1878

A remote code execution vulnerability exists in the way that Internet
Explorer accesses an object that has been deleted. The vulnerability
may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1878.

insertAdjacentText Remote Code Execution Vulnerability - CVE-2012-1879

A remote code execution vulnerability exists in the way that Internet
Explorer accesses an undefined memory location. The vulnerability
may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1879.

insertRow Remote Code Execution Vulnerability - CVE-2012-1880

A remote code execution vulnerability exists in the way that Internet
Explorer accesses an object that has been deleted. The vulnerability
may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1880.


OnRowsInserted Event Remote Code Execution Vulnerability - CVE-2012-1881

A remote code execution vulnerability exists in the way that Internet
Explorer accesses an object that has been deleted. The vulnerability
may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1881.


Scrolling Events Information Disclosure Vulnerability - CVE-2012-1882

An information disclosure vulnerability exists in Internet Explorer
that could allow an attacker to gain access to information in another
domain or Internet Explorer zone. An attacker could exploit the
vulnerability by constructing a specially crafted webpage that could
allow information disclosure if a user viewed the webpage. An
attacker who successfully exploited this vulnerability could view
content from another domain or Internet Explorer zone.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2012-1882.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================