CVE-2012-0172
published 2012-04-10CVE-2012-0172: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a…
PriorityP353critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
21.90%
97.3th percentile
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7p6j-x2wj-cw7w: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessi
ghsa_unreviewed·2022-05-04
CVE-2012-0172 [HIGH] CWE-94 GHSA-7p6j-x2wj-cw7w: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessi
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
Red Hat
boost regular expression NULL dereference flaw
vendor_redhat·2008-01-11·CVSS 5.0
CVE-2008-0172 [MEDIUM] CWE-476 boost regular expression NULL dereference flaw
boost regular expression NULL dereference flaw
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
Statement: This issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4 and 6. This issue was addressed in boost packages in Red Hat Enterprise Linux 5 via RHSA-2012:0305.
No detection rules found.
No public exploits indexed.
http://www.securitytracker.com/id?1026901http://www.us-cert.gov/cas/techalerts/TA12-101A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023https://exchange.xforce.ibmcloud.com/vulnerabilities/74383https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15550http://www.securitytracker.com/id?1026901http://www.us-cert.gov/cas/techalerts/TA12-101A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023https://exchange.xforce.ibmcloud.com/vulnerabilities/74383https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15550
2012-04-10
Published