Microsoft Internet Explorer VML Remote Code Execution Vulnerability (2797052) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS13-010.

Impact

Successful exploitation will allow attackers to execute arbitrary code and failed attacks will cause denial of service. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-010

Insight

The flaw is due to an unspecified error when handling certain VML data and can be exploited to corrupt memory.

Affected

Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x

References

http://secunia.com/advisories/52129/
http://support.microsoft.com/kb/2797052
https://technet.microsoft.com/en-us/security/bulletin/ms13-010

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0030
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
Microsoft IIS Security Bypass Vulnerability (970483)
Cumulative Security Update for Internet Explorer (961260)
Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)

Take action and discover your vulnerabilities