Microsoft Internet Explorer vulnerabilities

CVE-2012-4775 [HIGH] CWE-399 CVE-2012-4775: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."

CVE-2012-1539 [HIGH] CWE-399 CVE-2012-1539: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."

CVE-2012-2557 [CRITICAL] CWE-399 CVE-2012-2557: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to e Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."

CVE-2012-2548 [CRITICAL] CWE-399 CVE-2012-2548: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability."

CVE-2012-2546 [CRITICAL] CWE-399 CVE-2012-2546: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability."

CVE-2012-1529 [CRITICAL] CWE-399 CVE-2012-1529: Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execu Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."

CVE-2012-4969 [HIGH] CWE-416 CVE-2012-4969: Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Exp Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

CVE-2012-2522 [CRITICAL] CWE-94 CVE-2012-2522: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."

CVE-2012-2523 [CRITICAL] CWE-189 CVE-2012-2523: Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit pla Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."

CVE-2012-1526 [CRITICAL] CWE-119 CVE-2012-1526: Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."

CVE-2012-2521 [CRITICAL] CWE-94 CVE-2012-2521: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability."

CVE-2012-1522 [CRITICAL] CWE-94 CVE-2012-1522: Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attack Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."

CVE-2012-1524 [CRITICAL] CWE-94 CVE-2012-1524: Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attack Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."

CVE-2012-1523 [CRITICAL] CWE-94 CVE-2012-1523: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."

CVE-2012-1880 [CRITICAL] CWE-94 CVE-2012-1880: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."

CVE-2012-1876 [CRITICAL] CWE-94 CVE-2012-1876: Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects i Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own co

CVE-2012-1874 [CRITICAL] CWE-94 CVE-2012-1874: Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-as Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."

CVE-2012-1878 [CRITICAL] CWE-94 CVE-2012-1878: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."

CVE-2012-1881 [CRITICAL] CWE-94 CVE-2012-1881: Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."

CVE-2012-1875 [CRITICAL] CWE-94 CVE-2012-1875: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attack Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."