en

‫ Microsoft Internet Explorer Multiple Vulnerabilities

ID: IRCAD2015104114

Release Date: 2015-10-13

Software:

Microsoft Internet Explorer 10.x

Microsoft Internet Explorer 11.x

Microsoft Internet Explorer 7.x

Microsoft Internet Explorer 8.x

Microsoft Internet Explorer 9.x

Description:

Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

1) Multiple errors exist within the VBScript and JScript engines.

2) A use-after-free error when handling CWindow objects can be exploited to corrupt memory.

3) An error when handling scripts can be exploited to run a script with otherwise restricted elevated privileges.

4) An error within certain functions when handling objects in memory can be exploited to disclose certain information.

5) An error when handling scripts can be exploited to run a script with otherwise restricted elevated privileges.

6) An unspecified error can be exploited to corrupt memory.

7) Another unspecified error can be exploited to corrupt memory.

8) Another unspecified error can be exploited to corrupt memory.

9) An error within the EditWith functionality of the broker process can be exploited to run a script with otherwise restricted elevated privileges.

10) An error within the "ArrayBuffer.slice()" method can be exploited to disclose certain information.

11) An error within the VBScript and JScript engines can be exploited to cause memory corruption.

Successful exploitation of the vulnerabilities #2, #6 through #8, and #‫11 can be exploited to execute arbitrary code.

Solution

Apply update.

References:

Microsoft (KB3096441, KB3093983, KB3097617, KB3094996, and KB3094995):

https://technet.microsoft.com/library/security/MS15-106

ZDI:

http://www.zerodayinitiative.com/advisories/ZDI-15-518/

http://www.zerodayinitiative.com/advisories/ZDI-15-520/

http://www.zerodayinitiative.com/advisories/ZDI-15-522/

Secunia:

https://secunia.com/advisories/66841/

 


The Wall

No comments
You need to sign in to comment