MS KB2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has a web browser installed that is affected by a
remote code execution vulnerability.

Description :

The remote host is missing the workaround referenced in KB 2794220
(Microsoft 'Fix it' 50971). This workaround mitigates a use-after-free
vulnerability in Internet Explorer. Without this workaround enabled, an
attacker could exploit this vulnerability by tricking a user into
viewing a maliciously crafted web page, resulting in arbitrary code
execution. This vulnerability is being actively exploited in the wild.

Note that the Microsoft 'Fix it' solution is effective only if the latest
available version of 'mshtml.dll' is installed.

This plugin has been deprecated due to the publication of MS13-008.
Microsoft has released updates that make the workarounds unnecessary.
To check for those, use Nessus plugin ID 63522.

See also :

http://support.microsoft.com/kb/2794220

Solution :

Apply Microsoft 'Fix it' 50971.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 63372 ()

Bugtraq ID: 57070

CVE ID: CVE-2012-4792

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now