Vulnerability Name:

CVE-2012-1545 (CCN-73870)

Assigned:2012-03-08
Published:2012-03-08
Updated:2021-07-23
Summary:Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: MISC
Type: UNKNOWN
http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars

Source: MITRE
Type: CNA
CVE-2012-1545

Source: MISC
Type: UNKNOWN
http://pwn2own.zerodayinitiative.com/status.html

Source: MISC
Type: UNKNOWN
http://twitter.com/vupen/statuses/177895844828291073

Source: CCN
Type: Microsoft Web site
Internet Explorer

Source: CCN
Type: OSVDB ID: 80174
Microsoft IE Protected Mode Bypass Low Integrity Process Handling Memory Corruption DoS

Source: CCN
Type: ZDNet Web site
Pwn2Own 2012: IE 9 hacked with two 0day vulnerabilities

Source: MISC
Type: UNKNOWN
http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621

Source: XF
Type: UNKNOWN
ms-ie-protected-mode-dos(73870)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:10:consumer_preview:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:10:consumer_preview:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:26208
    V
    		Denial of service (memory corruption) by leveraging access to a Low integrity process.
    2014-10-20
    BACK
    microsoft internet explorer 6.00.3790.3959
    microsoft internet explorer 6.0.2900.2180
    microsoft internet explorer 6.00.3790.1830
    microsoft internet explorer 6.0.2900
    microsoft internet explorer 7.0.5730 unknown
    microsoft internet explorer 7.0 beta2
    microsoft internet explorer 7.0 beta1
    microsoft internet explorer 7.0.5730.11
    microsoft internet explorer 6.0.2800.1106
    microsoft internet explorer 6.0
    microsoft internet explorer 6.00.3718.0000
    microsoft ie 10 consumer_preview
    microsoft internet explorer 9
    microsoft internet explorer 6.0.2600
    microsoft internet explorer 6.00.2462.0000
    microsoft internet explorer 6.00.2479.0006
    microsoft internet explorer 6.0.2800
    microsoft internet explorer 6.00.2600.0000
    microsoft internet explorer 6.00.2800.1106
    microsoft internet explorer 7.0 beta
    microsoft internet explorer 7.0
    microsoft internet explorer 6.00.2900.2180
    microsoft internet explorer 6.00.3663.0000
    microsoft internet explorer 6.00.3790.0000
    microsoft internet explorer 7.0 beta3
    microsoft internet explorer 7.00.5730.1100
    microsoft internet explorer 7.00.6000.16386
    microsoft internet explorer 7.00.6000.16441
    microsoft internet explorer 8.0.6001 beta
    microsoft internet explorer 8.0.6001
    microsoft ie 6.0
    microsoft ie 6.0.2800
    microsoft ie 6.0.2600
    microsoft ie 6.0.2800.1106
    microsoft ie 6.0.2900.2180
    microsoft ie 7.0 beta2
    microsoft ie 7.0
    microsoft ie 7.0 beta1
    microsoft ie 7.0 beta3
    microsoft ie 6.0.2900
    microsoft ie 6.00.2462.0000
    microsoft ie 6.00.2479.0006
    microsoft ie 6.00.2600.0000
    microsoft ie 6.00.2800.1106
    microsoft ie 6.00.2900.2180
    microsoft ie 6.00.3663.0000
    microsoft ie 6.00.3718.0000
    microsoft ie 6.00.3790.0000
    microsoft ie 6.00.3790.1830
    microsoft ie 6.00.3790.3959
    microsoft ie 7.0.5730.11
    microsoft ie 7.0 beta
    microsoft ie 7.00.5730.1100
    microsoft ie 7.00.6000.16386
    microsoft ie 7.00.6000.16441
    microsoft ie 7.0.5730 unknown
    microsoft ie 8.0.6001 beta
    microsoft ie 8.0.6001
    microsoft ie 9
    microsoft ie 10 consumer_preview