Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1875Code Injection in Microsoft Internet Explorer

CWE-94Code Injection13 documents10 sources
Severity
9.3CRITICALNVD
EPSS
82.2%
top 0.78%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJun 12
Latest updateFeb 12

Description

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-m5pq-9mp5-8ff4: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a delet2022-05-13
VulnCheck
Microsoft Internet Explorer Improper Control of Generation of Code ('Code Injection')2012

💥Exploits & PoCs

2
Exploit-DB
Microsoft Internet Explorer - Same ID Property Deleted Object Handling Memory Corruption (MS12-037) (Metasploit)2012-06-14
Metasploit
MS12-037 Microsoft Internet Explorer Same ID Property Deleted Object Handling Memory Corruption

🕵️Threat Intelligence

7
Krebs
In a Zero-Day World, It’s Active Attacks that Matter – Krebs on Security2012-10-01
Krebs
In a Zero-Day World, It’s Active Attacks that Matter2012-10-01
Talos
Microsoft In-The-Wild Coverage - CVE-2012-1889 and CVE-2012-18752012-06-21
Talos
Microsoft In-The-Wild Coverage - CVE-2012-1889 and CVE-2012-18752012-06-21
Recorded Future
Uncovering Hidden Lynx: Using OSINT for APT Analysis

📄Research Papers

1
arXiv
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures2025-02-12
CVE-2012-1875 — Code Injection in Microsoft | cvebase