Microsoft has release, the 21 September 2012, as planned in his “Microsoft Security Bulletin Advance Notification for September 2012“, one security bulletin MS12-063 in order to fix multiple 5 security vulnerabilities, including the 0day vulnerability I discovered last week-end.

MS12-063 bulletin is classified as Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers.

CVE-2012-1529 has an unknown CVSS base score and was discovered and privately reported by an anonymous researcher, working with VeriSign iDefense Labs. CVE number was assigned the 2012-03-08.

CVE-2012-2546 has an unknown CVSS base score and was discovered and privately reported by Rosario Valotta. CVE number was assigned the 2012-05-09.

CVE-2012-2548 has an unknown CVSS base score and was discovered and privately reported by Stephen Fewer of Harmony Security, working with TippingPoint’s Zero Day Initiative. CVE number was assigned the 2012-05-09.

CVE-2012-2557 has an unknown CVSS base score and was discovered and privately reported by an anonymous researcher, working with TippingPoint’s Zero Day Initiative. CVE number was assigned the 2012-05-09.

CVE-2012-4969 has a CVSS base score of 9.3 and was discovered and privately reported, regarding Microsoft, by an anonymous researcher, working with TippingPoint’s Zero Day Initiative and to Mitre. CVE number was assigned the 2012-09-18. Something is wrong with this credit, I will write another blog post regarding this story.

I advise you to update as soon as possible.