Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS13-037.

Impact

Successful exploitation will allow attackers to corrupt memory by the execution of arbitrary code in the context of the current user and gain access to potentially sensitive information stored in JSON data files. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-037

Insight

Multiple unspecified use-after-free error occurs when accessing already freed memory.

Affected

Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x

References

http://secunia.com/advisories/53327
http://www.osvdb.com/93289
http://www.osvdb.com/93290
https://technet.microsoft.com/en-us/security/bulletin/ms13-037

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0811, CVE-2013-1297, CVE-2013-1306, CVE-2013-1307, CVE-2013-1308, CVE-2013-1309, CVE-2013-1310, CVE-2013-1311, CVE-2013-1312, CVE-2013-2551, CVE-2013-3140

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482)
Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
ADODB.Stream object from Internet Explorer (KB870669)

Take action and discover your vulnerabilities