Skip to main content

Improper Initialization

CVE-2012-0012

Severity Medium
Score 4.3/10

Summary

Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."

  • MEDIUM
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-665 - Improper Initialization

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References

Advisory Timeline

  • Published