Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

Microsoft Security Advisory for Internet Explorer Exploit

Last Revised
Alert Code
TA12-262A

Systems Affected

  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9

Overview

An unpatched use-after-free vulnerability in Microsoft Internet Explorer versions 6, 7, 8, and 9 is being exploited in the wild. Microsoft has released Security Advisory 2757760 with mitigation techniques.

Microsoft Internet Explorer versions 6, 7, 8, and 9 are susceptible to a use-after-free vulnerability. This vulnerability is being actively exploited in the wild. At this time, there is no patch available for this vulnerability. End-users can mitigate the vulnerability by using Microsoft's Enhanced Mitigation Experience Toolkit.

Additional mitigation advice is available in the MSRC blog post: "Microsoft Releases Security Advisory 2757760" and US-CERT Vulnerability Note VU#480095.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

US-CERT recommends Internet Explorer users read Microsoft Security Advisory 2757760 and apply mitigation techniques such as using the Microsoft Enhanced Mitigation Experience Toolkit.

References

Microsoft Security Advisory (2757760)
MSRC Blog: Microsoft Releases Security Advisory 2757760
Download Microsoft EMET 3.0
US-CERT Vulnerability Note VU#480095

Revisions

September 18, 2012: Initial release|September 19, 2012: Updated

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we welcome your feedback.