Vulnerability Manager Plus

Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2799329)

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

91.83%

CVE Information

Source CVE
CVE-2012-4792

Associated CVE
CVE-2012-4792

Patch Details

Patch associated with this vulnerability is supported by ManageEngine.

Patch ID
13038

Patch Description
Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2799329)

References

http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html
http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx
http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx
http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/
http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html
http://technet.microsoft.com/security/advisory/2794220
http://technet.microsoft.com/security/bulletin/MS13-008
http://www.kb.cert.org/vuls/id/154201
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
http://www.us-cert.gov/cas/techalerts/TA13-015A.html
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb