Summary
This host is missing a critical security update according to Microsoft Bulletin MS13-037.
Impact
Successful exploitation will allow attackers to corrupt memory by the execution of arbitrary code in the context of the current user and gain access to potentially sensitive information stored in JSON data files.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-037
Insight
Multiple unspecified use-after-free error occurs when accessing already freed memory.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x
References
Severity
Classification
-
CVE CVE-2013-0811, CVE-2013-1297, CVE-2013-1306, CVE-2013-1307, CVE-2013-1308, CVE-2013-1309, CVE-2013-1310, CVE-2013-1311, CVE-2013-1312, CVE-2013-2551, CVE-2013-3140 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
- Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
- Cumulative Security Update for Internet Explorer (953838)
- Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)