Vulnerability Name:
CVE-2012-0171 (CCN-74382)
Assigned:
2011-12-13
Published:
2012-04-10
Updated:
2022-03-01
Summary:
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."
CVSS v3 Severity:
10.0 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
9.3 High
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
)
6.9 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
9.3 High
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
)
6.9 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-94
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2012-0171
Source: CCN
Type: SA48724
Microsoft Internet Explorer Multiple Vulnerabilities
Source: CCN
Type: Microsoft Security Bulletin MS12-023
Cumulative Security Update for Internet Explorer (2675157)
Source: CCN
Type: Microsoft Security Bulletin MS12-037
Cumulative Security Update for Internet Explorer (2699988)
Source: CCN
Type: Microsoft Security Bulletin MS12-044
Cumulative Security Update for Internet Explorer (2719177)
Source: CCN
Type: Microsoft Security Bulletin MS12-052
Cumulative Security Update for Internet Explorer (2722913)
Source: CCN
Type: BID-52905
Microsoft Internet Explorer CVE-2012-0171 SelectAll Remote Code Execution Vulnerability
Source: SECTRACK
Type: Broken Link, Third Party Advisory, VDB Entry
1026901
Source: CERT
Type: Third Party Advisory, US Government Resource
TA12-101A
Source: MS
Type: Patch, Vendor Advisory
MS12-023
Source: XF
Type: Third Party Advisory, VDB Entry
ms-ie-selectall-code-exec(74382)
Source: XF
Type: UNKNOWN
ms-ie-selectall-code-exec(74382)
Source: OVAL
Type: Tool Signature
oval:org.mitre.oval:def:15313
Source: CCN
Type: ZDI-12-065
Microsoft Internet Explorer selectAll Use-After-Free Remote Code Execution Vulnerability
Vulnerable Configuration:
Configuration 1
:
cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
AND
cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
OR
cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Configuration 2
:
cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
AND
cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
OR
cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Configuration 3
:
cpe:/a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
AND
cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
OR
cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Configuration 4
:
cpe:/a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
AND
cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
OR
cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
OR
cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
OR
cpe:/a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.mitre.oval:def:15313
V
SelectAll Remote Code Execution Vulnerability
2014-08-18
BACK
microsoft
internet explorer 6
microsoft
windows server 2003 - sp2
microsoft
windows xp - sp2
microsoft
windows xp - sp3
microsoft
internet explorer 7
microsoft
windows server 2003 - sp2
microsoft
windows server 2008 - sp2
microsoft
windows vista - sp2
microsoft
windows xp - sp2
microsoft
windows xp - sp3
microsoft
internet explorer 8
microsoft
windows 7 -
microsoft
windows 7 - sp1
microsoft
windows server 2003 - sp2
microsoft
windows server 2008 - sp2
microsoft
windows server 2008 r2
microsoft
windows server 2008 r2 sp1
microsoft
windows vista - sp2
microsoft
windows xp - sp2
microsoft
windows xp - sp3
microsoft
internet explorer 9
microsoft
windows 7 -
microsoft
windows 7 - sp1
microsoft
windows server 2008 - sp2
microsoft
windows server 2008 r2
microsoft
windows server 2008 r2 sp1
microsoft
windows vista - sp2
microsoft
ie 9
microsoft
ie 6
microsoft
ie 7
microsoft
ie 8