National Cyber Awareness System US-CERT Alert TA13-015A Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792 Original release date: January 15, 2013 Last revised: -- Systems Affected * Microsoft Internet Explorer 6 * Microsoft Internet Explorer 7 * Microsoft Internet Explorer 8 Overview Microsoft has released Security Bulletin MS13-008 to address the CButton use-after-free vulnerability (CVE-2012-4792). Description Microsoft Internet Explorer versions 6, 7, and 8 are susceptible to a use-after-free vulnerability. This vulnerability is being actively exploited in the wild. Microsoft has released Security Bulletin MS13-008 to address this vulnerability. Additional information is available in Vulnerability Note VU#154201. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Solution US-CERT recommends that Internet Explorer users run Windows Update as soon as possible to apply the MS13-008 update. Revision History January 15, 2013: Initial release ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <firstname.lastname@example.org> with "TA13-015A Feedback VU#154201" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/cas/techalerts/TA13-015A.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.