Summary
This host is missing a critical security update according to Microsoft Bulletin MS13-059.
Impact
Successful exploitation will allow attackers to corrupt memory by the execution of arbitrary code in the context of the current user.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-059
Insight
Multiple flaws due to,
- Error when handling process integrity level assignments and EUC-JP character encoding.
- Multiple unspecified errors.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2013-3184, CVE-2013-3186, CVE-2013-3187, CVE-2013-3188, CVE-2013-3189, CVE-2013-3190, CVE-2013-3191, CVE-2013-3192, CVE-2013-3193, CVE-2013-3194, CVE-2013-3199 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
- Cumulative Security Update for Internet Explorer (956390)
- Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Cumulative Security Update for Internet Explorer (939653)