فا

‫ Microsoft Internet Explorer Multiple Vulnerabilities

IRCAD2014073406

Number: IRCAD2014073406

Date: 2014/07/08

Criticality level: highly critical

Software:

Microsoft Internet Explorer 10.x

Microsoft Internet Explorer 11.x

Microsoft Internet Explorer 6.x

Microsoft Internet Explorer 7.x

Microsoft Internet Explorer 8.x

Microsoft Internet Explorer 9.x

Description

A security issue and multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) An error when handling EV (Extended Validation) SSL certificates can be exploited to bypass EV SSL certificate guidelines via a specially crafted wildcard certificate.

2) An unspecified error can be exploited to corrupt memory.

3) Another unspecified error can be exploited to corrupt memory.

4) Another unspecified error can be exploited to corrupt memory.

5) Another unspecified error can be exploited to corrupt memory.

6) Another unspecified error can be exploited to corrupt memory.

7) Another unspecified error can be exploited to corrupt memory.

8) Another unspecified error can be exploited to corrupt memory.

9) Another unspecified error can be exploited to corrupt memory.

10) Another unspecified error can be exploited to corrupt memory.

11) Another unspecified error can be exploited to corrupt memory.

12) Another unspecified error can be exploited to corrupt memory.

13) Another unspecified error can be exploited to corrupt memory.

14) Another unspecified error can be exploited to corrupt memory.

15) Another unspecified error can be exploited to corrupt memory.

16) Another unspecified error can be exploited to corrupt memory.

17) Another unspecified error can be exploited to corrupt memory.

18) Another unspecified error can be exploited to corrupt memory.

19) Another unspecified error can be exploited to corrupt memory.

20) Another unspecified error can be exploited to corrupt memory.

21) Another unspecified error can be exploited to corrupt memory.

22) Another unspecified error can be exploited to corrupt memory.

23) Another unspecified error can be exploited to corrupt memory.

24) Another unspecified error can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities #2 through 24 allows execution of arbitrary code.

Solution:

Apply updates.

Internet Explorer 6

Windows Server 2003 Service Pack 2

Internet Explorer 6

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 6

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 6

Internet Explorer 7

Windows Server 2003 Service Pack 2

Internet Explorer 7

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 7

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 7

Windows Vista Service Pack 2

Internet Explorer 7

Windows Vista x64 Edition Service Pack 2

Internet Explorer 7

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 7

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 7

Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 7

Internet Explorer 8

Windows Server 2003 Service Pack 2

Internet Explorer 8

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 8

Windows Vista Service Pack 2

Internet Explorer 8

Windows Vista x64 Edition Service Pack 2

Internet Explorer 8

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 8

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 8

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 8

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 8

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 8

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Internet Explorer 8

Internet Explorer 9

Windows Vista Service Pack 2

Internet Explorer 9

Windows Vista x64 Edition Service Pack 2

Internet Explorer 9

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 9

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 9

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 9

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 9

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 9

Internet Explorer 10

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 10

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 10

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 10

Windows 8 for 32-bit Systems

Internet Explorer 10

Windows 8 for x64-based Systems

Internet Explorer 10

Windows Server 2012

Internet Explorer 10

Internet Explorer 11

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 11

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 11

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 11

Windows 8 for 32-bit Systems

Internet Explorer 11

Windows 8 for x64-based Systems

Internet Explorer 11

Windows Server 2012 R2

Internet Explorer 11

Resources:

Microsoft (KB2975687, KB2962872, KB2963952)

secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 18 تیر 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0