فا

‫ Microsoft Internet Explorer Multiple Vulnerabilities

IRCAD2014093508

ID: IRCAD2014093508

Release Date: 2014-09-09

Criticality level: Highly critical

Software:

Microsoft Internet Explorer 10.x

Microsoft Internet Explorer 11.x

Microsoft Internet Explorer 6.x

Microsoft Internet Explorer 7.x

Microsoft Internet Explorer 8.x

Microsoft Internet Explorer 9.x

Description:

Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.

1) An error within the XMLDOM ActiveX control can be exploited to enumerate local resources.

Note: Reportedly, this vulnerability is actively exploited in the wild in limited attacks.

2) An unspecified error can be exploited to cause memory corruption.

3) Another unspecified error can be exploited to cause memory corruption.

4) Another unspecified error can be exploited to cause memory corruption.

6) Another unspecified error can be exploited to cause memory corruption.

7) Another unspecified error can be exploited to cause memory corruption.

8) Another unspecified error can be exploited to cause memory corruption.

9) Another unspecified error can be exploited to cause memory corruption.

10) Another unspecified error can be exploited to cause memory corruption.

11) Another unspecified error can be exploited to cause memory corruption.

12) Another unspecified error can be exploited to cause memory corruption.

13) Another unspecified error can be exploited to cause memory corruption.

14) Another unspecified error can be exploited to cause memory corruption.

15) Another unspecified error can be exploited to cause memory corruption.

16) Another unspecified error can be exploited to cause memory corruption.

17) Another unspecified error can be exploited to cause memory corruption.

18) Another unspecified error can be exploited to cause memory corruption.

19) Another unspecified error can be exploited to cause memory corruption.

20) Another unspecified error can be exploited to cause memory corruption.

21) Another unspecified error can be exploited to cause memory corruption.

22) Another unspecified error can be exploited to cause memory corruption.

23) Another unspecified error can be exploited to cause memory corruption.

24) Another unspecified error can be exploited to cause memory corruption.

25) Another unspecified error can be exploited to cause memory corruption.

26) Another unspecified error can be exploited to cause memory corruption.

27) Another unspecified error can be exploited to cause memory corruption.

28) Another unspecified error can be exploited to cause memory corruption.

29) Another unspecified error can be exploited to cause memory corruption.

30) Another unspecified error can be exploited to cause memory corruption.

31) Another unspecified error can be exploited to cause memory corruption.

32) Another unspecified error can be exploited to cause memory corruption.

33) Another unspecified error can be exploited to cause memory corruption.

34) Another unspecified error can be exploited to cause memory corruption.

35) Another unspecified error can be exploited to cause memory corruption.

36) Another unspecified error can be exploited to cause memory corruption.

37) Another unspecified error can be exploited to cause memory corruption.

Successful exploitation of vulnerabilities #2 through #‫37 allows execution of arbitrary code.

Solution

Apply updates.

Internet Explorer 6

Windows Server 2003 Service Pack 2

Internet Explorer 6

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 6

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 6

Internet Explorer 7

Windows Server 2003 Service Pack 2

Internet Explorer 7

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 7

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 7

Windows Vista Service Pack 2

Internet Explorer 7

Windows Vista x64 Edition Service Pack 2

Internet Explorer 7

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 7

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 7

Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 7

Internet Explorer 8

Windows Server 2003 Service Pack 2

Internet Explorer 8

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 8

Windows Vista Service Pack 2

Internet Explorer 8

Windows Vista x64 Edition Service Pack 2

Internet Explorer 8

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 8

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 8

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 8

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 8

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 8

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Internet Explorer 8

Internet Explorer 9

Windows Vista Service Pack 2

Internet Explorer 9

Windows Vista x64 Edition Service Pack 2

Internet Explorer 9

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 9

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 9

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 9

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 9

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 9

Internet Explorer 10

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 10

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 10

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 10

Windows 8 for 32-bit Systems

Internet Explorer 10

Windows 8 for x64-based Systems

Internet Explorer 10

Windows Server 2012

Internet Explorer 10

Internet Explorer 11

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 11

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 11

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 11

Windows 8.1 for 32-bit Systems

Internet Explorer 11

Windows 8.1 for x64-based Systems

Internet Explorer 11

Windows Server 2012 R2

Internet Explorer 11

References:

Microsoft (KB2987114):

Microsoft (KB2977629)

https://technet.microsoft.com/library/security/MS14-052

Secunia:

http://secunia.com/advisories/60981/


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 21 شهریور 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0