CVE-2012-4969

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 9

Description A use-after-free issue in the CMshtmlEd::Exec function in mshtml.dll allows remote attackers to execute arbitrary code via a crafted web site. This issue has been exploited in the wild. The vulnerability may corrupt memory, enabling an attacker to execute arbitrary code in the context of the current user.

Recommendations For versions 6 through 9, consider disabling the CMshtmlEd::Exec function as a temporary workaround until a patch is available. Restrict access to potentially vulnerable web sites to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.