
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0091

Title: Microsoft Internet Explorer Col Element Remote Code Execution Vulnerability [1,4]

Version history:
06.08.2012 Initial publication


Summary
=======
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. 
Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. 
Failed attacks will cause denial-of-service conditions.

CVE-2012-1876

CVSS v2 Base Score:9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)  [2,3]

Vulnerable systems
==================
Systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the 
most risk from this vulnerability [4]

Original Details
================
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that 
does not exist. The vulnerability may corrupt memory in such a way that an attacker could execute 
arbitrary code in the context of the current user. [4] 



What can you do?
================

Apply Workarounds (See recommendations by Microsoft) [4]

What to tell your users?
========================
N/A

More information
================

[1] http://www.securityfocus.com/bid/53848/discuss
[2] More information abut CVE - http://nvd.nist.gov/cvss.cfm?vectorinfo&version=2
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1876
[4] http://technet.microsoft.com/en-us/security/bulletin/ms12-037

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJQH5VcAAoJEMQ9UMldbd3zZIAP/jfJyy+sxTZmuudR7Q0XGuY9
pPvcsL7q5jBA/BUIoy8raaB7H4uQeRqBG9db7AfsZqoDazdPnv+OHlfOErsyXasw
q5V6Hy5ZlAngrQKVLJJXoYpXZZS0LhiUakPvxMBGUSQh3HFG0e3bpxy/o0aPLl+c
QgjnwOV3luNPbK2z1mHgYFBNNM3pnpDlRd/VNSrDd5ONdarBD2nniMXogm+9FsKI
m3MSxOR9ty0Z1rCYUMnddmWJcjWAM03O0YwnNA9SFaXquwxVZOhDI0ycmURbIw61
88v5mw0/Tdze0AZtpOsWzBzCHpcVKy2pF//raOB67uT8kF/cT1Otw//oqcdFjhWA
gNpklSDMB+FOP2sJalUuIiAXd5kO+YUJ5upVbADZPhuOYix6fCoLVwU4uKHty+MH
OkKQGEQjVfPP3C7dh0vTDgbynuArioLwws4NqZXRFhyQ6G+ikV+bIGFVfFxnNKMO
JaMgj6ObCq5vQ0/n1E48Zkk2C4yKk7sg+xEQkBpIRiiz+Ot9WD8bPfwqnISfi2oi
Y8RQ2fZLkCMbmooGzVVY+DQ0PexVezDhe9UuIgDde00jkXgTQ0KFMwgIxprTiXKB
l+NWQgiprSUfMV4GkzKAD/hneyJhIpp10ntXJok6SpLmFklURzojj7omxh8GWIYY
z0qAIihcloiKMhtMHwtc
=kdLD
-----END PGP SIGNATURE-----