CVE-2012-0012

Published: Feb 14, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."

Affected (1)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 9

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Vista	All versions

Related CWEs

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (6)

http://www.us-cert.gov/cas/techalerts/TA12-045A.html

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010

Source: secure@microsoft.com

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14870

Source: secure@microsoft.com

Tool Signature

http://www.us-cert.gov/cas/techalerts/TA12-045A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14870

Source: af854a3a-2127-422b-91ae-364da2661108

Tool Signature

Timeline

No history available yet.