CVE-2012-1876

CVE Database · CVE-2012-1876

CVE-2012-1876

· N/AModified

CVSS v3.1

N/A

EPSS

64.96%

Published

Jun 12, 2012

Modified

Apr 28, 2026

Public PoC / Exploit (6)

All weaponized →

Exploit-DBMicrosoft Internet Explorer - Fixed Table Col Span Heap Overflow (MS12-037) (Metasploit)Exploit-DBMicrosoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)Exploit-DBMicrosoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.0 Bypass) (MS12-037)Exploit-DBMicrosoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.1 Bypass) (MS12-037)Exploit-DBMicrosoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP Bypass) (MS12-037)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

Weaknesses (CWE)

CWE-94

Affected Products (34)

microsoft · internet_explorervulnerable

microsoft · windows_2003_server

microsoft · windows_server_2003

microsoft · windows_xp

microsoft · internet_explorervulnerable

microsoft · windows_2003_server

microsoft · windows_server_2003

microsoft · windows_server_2008

· windows_server_2008