Detections
Analytics
MS12-063: Cumulative Security Update for Internet Explorer (2744842)
high Nessus Plugin ID 62223
Language:
Synopsis
The remote host is affected by code execution vulnerabilities.Description
The remote host is missing Internet Explorer (IE) Security Update 2744842.The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-063
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2012/2757760
https://www.zerodayinitiative.com/advisories/ZDI-12-200/
https://www.zerodayinitiative.com/advisories/ZDI-12-199/
https://www.zerodayinitiative.com/advisories/ZDI-12-198/
https://www.zerodayinitiative.com/advisories/ZDI-13-007/
https://www.securityfocus.com/archive/1/524504/30/0/threaded
https://www.securityfocus.com/archive/1/524505/30/0/threaded
Plugin Details
Severity: High
ID: 62223
File Name: smb_nt_ms12-063.nasl
Version: 1.17
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 9/21/2012
Updated: 6/8/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.6
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2012-4969
Vulnerability Information
CPE: cpe:/a:microsoft:ie, cpe:/o:microsoft:windows
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/21/2012
Vulnerability Publication Date: 9/17/2012
CISA Known Exploited Vulnerability Due Dates: 6/22/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability)
Reference Information
CVE: CVE-2012-1529, CVE-2012-2546, CVE-2012-2548, CVE-2012-2557, CVE-2012-4969