Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792

Last Revised
Alert Code
TA13-015A

Systems Affected

  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 8

Overview

Microsoft has released Security Bulletin MS13-008 to address the CButton use-after-free vulnerability (CVE-2012-4792).

Microsoft Internet Explorer versions 6, 7, and 8 are susceptible to a use-after-free vulnerability. This vulnerability is being actively exploited in the wild. Microsoft has released Security Bulletin MS13-008 to address this vulnerability.

Additional information is available in Vulnerability Note VU#154201.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

US-CERT recommends that Internet Explorer users run Windows Update as soon as possible to apply the MS13-008 update.

Revisions

January 15, 2013: Initial release

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we welcome your feedback.