‫ Microsoft Internet Explorer Multiple Vulnerabilities

IRCAD2013022488
ID: IRCAD2013022488
Release Date: 2013-02-12
Criticality level: Highly critical
 
Software:
Microsoft Internet Explorer 10.x
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x
 
Description:
Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
1) An error when handling the encoding for Shift_JIS auto-selection can be exploited to gain access to information in another domain or Internet Explorer zone.
2) A use-after-free error related to SetCapture can be exploited to access an already freed object.
3) A use-after-free error related to COmWindowProxy can be exploited to access an already freed object.
4) A use-after-free error related to CMarkup can be exploited to access an already freed object.
5) A use-after-free error related to vtable can be exploited to access an already freed object.
6) A use-after-free error related to LsGetTrailInfo can be exploited to access an already freed object.
7) A use-after-free error related to CDispNode can be exploited to access an already freed object.
8) A use-after-free error related to pasteHTML can be exploited to access an already freed object.
9) A use-after-free error related to SLayoutRun can be exploited to access an already freed object.
10) A use-after-free error related to InsertElement can be exploited to access an already freed object.
11) A use-after-free error related to CPasteCommand can be exploited to access an already freed object.
12) A use-after-free error related to CObjectElement can be exploited to access an already freed object.
13) A use-after-free error related to CHTML can be exploited to access an already freed object.
Successful exploitation of the vulnerabilities #2 through #‫13 allows the execution of arbitrary code.
 
Solution
Apply updates.
 
Internet Explorer 6
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Internet Explorer 7
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Internet Explorer 8
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Internet Explorer 9
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 10
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
 
 
References:
MS13-009 (KB2792100)
 
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 25 بهمن 1391

امتیاز

امتیاز شما
تعداد امتیازها:0