Tag Archives: CDwnBindInfo

“The Mystery of the Hole”: Remote Code Execution – Internet Explorer (CVE-2012-4792)

“The Mystery of the Hole”: Remote Code Execution – Internet Explorer (CVE-2012-4792). Yesterday, an old vulnerability “CDwnBindInfo” from 2012 was added to CISA KEV: the user opens a malicious website in MS Internet Explorer 6–8 and the attacker gets RCE on user’s host. The vulnerability has been actively exploited since the end of 2012 as 0day in watering hole attacks on US organizations. In particular, the malicious code was placed on the hacked Council on Foreign Relations (CFR) website.

Why was the vulnerability added to CISA KEV only now?

🔹 New attacks on legacy systems (Win XP/ Vista/7, WinServer 2003/2008) were discovered? 🤪 It’s unlikely.

🔹 They saw a vulnerability with confirmed incidents, but it wasn’t in CISA KEV, so they added it? More likely, but why only this vulnerability? 🧐

🔹 There was no formal excuse for urgently updating found legacy systems? A bit strange. 🤷‍♂️

Let’s wait for updates. 🙂

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: CDwnBindInfo

“The Mystery of the Hole”: Remote Code Execution – Internet Explorer (CVE-2012-4792)