Description
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
http://pwn2own.zerodayinitiative.com/status.html
Various Sources x_refsource_misc
http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars
Various Sources x_refsource_misc
http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621
Various Sources x_refsource_misc
http://twitter.com/vupen/statuses/177895844828291073
Scores
EPSS
0.2009
EPSS Percentile
97.1%
Details
CWE
CWE-119
Status
published
Products (25)
microsoft/ie
10 consumer_preview
microsoft/internet_explorer
6.0
microsoft/internet_explorer
6.00.2462.0000
microsoft/internet_explorer
6.00.2479.0006
microsoft/internet_explorer
6.0.2600
microsoft/internet_explorer
6.00.2600.0000
microsoft/internet_explorer
6.0.2800
microsoft/internet_explorer
6.0.2800.1106
microsoft/internet_explorer
6.00.2800.1106
microsoft/internet_explorer
6.0.2900
... and 15 more
Published
Mar 09, 2012
Tracked Since
Feb 18, 2026