Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 8

Remote code execution in Microsoft Internet Explorer
CVE-2012-4792

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling the CDwnBindInfo object and attempting to access an object in memory that has not been initialized or has been deleted. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

This vulnerability was described by Eric Romang and FireEye through Malware Protection Cloud.

The vulnerability has been exploited in watering hole attacks against the Council on Foreign Relations (CFR) website on 26.12.2012. The attack appears to be closely related to attacks in June 2012 that targeted visitors of a major hotel chain and to other attacks associated with the Elderwood Project.

Software: Microsoft Internet Explorer

XSS in HTML Sanitization Component in Microsoft Office products
CVE-2012-2520

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks and gain elevated privileges.

The vulnerability exists due to insufficient sanitization of user input within the HTML Sanitization Component. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability was being actively exploited.

Software: Microsoft Office InfoPath

Remote code execution in Microsoft Internet Explorer
CVE-2012-4969

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in the CMshtmlEd::Exec function in mshtml.dll. A remote attacker can create a specially crafted Web site, trick the victim into viewing it, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was found exploited in the wild and discovered by Eric Romang.

A real-world attack using the vulnerability first appeared in a blog post on Sep. 14, 2012. The vulnerability was used by the "Nitro" hacking group.

Software: Microsoft Internet Explorer

Remote code execution in Windows Common Controls
CVE-2012-1856

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the MSCOMCTL.OCX ActiveX control. A remote attacker can create a specially crafted Web page that passes an overly long string argument, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Favorite hackers' vulnerability for years has been exploited along with CVE-2012-1856, CVE-2015-1641, CVE-2015-1770 in an APT campaign against journalists and human rights workers in Tibet, Hong Kong and Taiwan.


Software: Microsoft Office

Remote code execution in Microsoft Office
CVE-2012-1854

Untrusted Search Path

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the way Microsoft Office loads .dll libraries when opening Office documents (such as a .docx file). A remote attacker can place a specially crafted .dll file along with a Microsoft Office document on a remote SMB or WebDAV share, trick the victim into opening that document and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability has been actively exploited since mid-March 2012. The targeted attacks focused on Japanese organizations.

Software: Microsoft Office

Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2012-1875

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error related to the same id property when attempting to access objects that have been deleted. A remote attacker can create a specially crafted Web site, trick the victim into viewing it, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

A functional exploit with shellcode appeared on PasteBin on 8.06.12 - four days before the Microsoft patch release.
The vulnerability was reported by an adept with the nickname Dark Son and researcher Yichong Lin.

Software: Microsoft Internet Explorer

Known/famous malware:

Trojan.Naid.

Remote code execution in Microsoft XML Core Services
CVE-2012-1889

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in XML Core Services (MSXML) when attempting to access an object in memory that has not been initialized. A remote attacker can create a specially crafted Web site, trick the victim into viewing it, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

One of the vulnerabilities used by the Aurora group.

The attackers used the CVE-2010-2884 and CVE-2012-1889 0-day exploits to specifically target visitors to the Amnesty International Hong Kong site.

On 20.06.2012 SophosLabs determined that the website of a European aeronautical parts supplier had been hacked and delivered an exploit for CVE-2012-1889.

TrendMicro observed the vulnerability targeting a Chinese high school webpage.

Software: Microsoft XML Core Services

Remote code execution in MSCOMCTL.OCX ActiveX control in Microsoft Office
CVE-2012-0158

Stack-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow in the MSCOMCTL.OCX ActiveX control. A remote attacker can create a specially crafted Web page that passes an overly long string argument, trick the victim into viewing it, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Researchers based in Asia noticed these malicious documents in Japan and Taiwan before they started showing up/targeting USA companies.

The vulnerability appeared to operate in 2014 in the Western Australian time zone. Examples of such groups include the 'Shiqiang Gang' (as reported by McAfee), 'PLEAD' (as reported by Trend Micro), 'NetTraveler' (as reported by Kaspersky) and 'APT12' (as reported by FireEye).

The vulnerability has been exploited in the Red October attacks in 2012 and in attacks targeting Chinese media organizations and personnel at government agencies in Europe, Middle East and Central Asia in 2013. The exploit was successfully used in a breach attack against the New York Times in August of 2013. The vulnerability was still exploited in 2016. An exploit for this vulnerability was used in the Pawn Storm campaign as well.

Software: Microsoft Office

Known/famous malware:

TROJ_DROPPER.IK
BKDR_HGDER.IK.
