cbcvebase.
CVE-2012-0155
published 2012-02-14

CVE-2012-0155: Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted…

PriorityP358critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
65.50%
99.2th percentile
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."

Affected

5 ranges
VendorProductVersion rangeFixed in
activerecord_projectactiverecord>= 3.0.0 < 3.0.193.0.19
activerecord_projectactiverecord>= 3.1.0 < 3.1.103.1.10
activerecord_projectactiverecord>= 3.2.0 < 3.2.113.2.11
activerecord_projectactiverecord>= 4.2.0 < 4.2.7.14.2.7.1
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

  • ·Sources DOC 2 and DOC 3 are about CVE-2013-0155 and CVE-2013-0156 (Ruby on Rails), not CVE-2012-0155 (Microsoft Internet Explorer 9 VML RCE). No operational IOCs, detection hints, or configuration caveats are present in the sources for CVE-2012-0155.

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
ghsa6.4MEDIUM
vendor_redhat6.4MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.