CVE-2012-4792

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 8

Description The issue is related to a use-after-free vulnerability in the CDwnBindInfo function of the mshtml.dll library in Internet Explorer. This vulnerability allows a remote attacker to execute arbitrary JavaScript code by sending a specially crafted HTML file. The vulnerability may corrupt memory, enabling an attacker to execute arbitrary code in the context of the current user. It has been exploited in the wild, with reported incidents of remote code execution, including a watering hole attack on the Council on Foreign Relations website in 2012.

Recommendations For Microsoft Internet Explorer versions 6 through 8, consider disabling the CDwnBindInfo object as a temporary workaround until a patch is available. Restrict access to potentially vulnerable web sites to minimize the risk of exploitation. Avoid using Internet Explorer for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.