MS KB2757760: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)

High Nessus Plugin ID 62201


This plugin has been deprecated.


The remote host is missing the workaround referenced in KB 2757760 (Microsoft 'Fix it' 50939). This workaround mitigates a use-after-free vulnerability in Internet Explorer. Without this workaround enabled, an attacker could exploit this vulnerability by tricking a user into view a maliciously crafted web page, resulting in arbitrary code execution. This vulnerability is being actively exploited in the wild.

This plugin has been deprecated due to the publication of MS12-063.
Microsoft has released patches that make the workarounds unnecessary. To check for the patches, use Nessus plugin ID 62223.



See Also

Plugin Details

Severity: High

ID: 62201

File Name: smb_kb2757760.nasl

Version: $Revision: 1.13 $

Type: remote

Agent: windows

Family: Windows

Published: 2012/09/19

Modified: 2017/08/30

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:W/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:ie

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion, SMB/ProductName

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2012/09/17

Exploitable With

Metasploit (Microsoft Internet Explorer execCommand Use-After-Free Vulnerability)

Reference Information

CVE: CVE-2012-4969

BID: 55562

OSVDB: 85532

CERT: 480095

MSKB: 2757760