SECUNIA ADVISORY ID: SA50237

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50237/

RELEASE DATE: 2012-08-14

CRITICALITY: Highly Critical

DESCRIPTION: Four vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities allows execution of arbitrary code.
1) An error in the layout handling when accessing an improperly initialised or deleted object can be exploited to corrupt memory.
2) A use-after-free error when asynchronously accessing NULL objects can be exploited to dereference an already deleted object.
3) An error may cause a corrupted virtual function table that has already been deleted to be accessed.
4) An integer overflow error in the JavaScript parsing when calculating the size of an object in memory during a copy operation can be exploited to corrupt memory.

SOLUTION: Apply patches.

PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) GWSlabs via iDefense VCP.
2) Derek Soeder via SecuriTeam Secure Disclosure.
3) Sing-ting Tsai and Ming-Chieh Pan, Trend Micro.
4) Cris Neckar, Google Chrome Security Team.

ORIGINAL ADVISORY: MS12-052 (KB2722913): http://technet.microsoft.com/en-us/security/bulletin/MS12-052