Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-050.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS11-050.mspx
Insight
Multiple flaws are due to, the way Internet Explorer enforces the content settings supplied by the Web server, handles HTML sanitization using toStaticHTML, handles objects in memory, and handles script during certain processes.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x
References
Severity
Classification
-
CVE CVE-2011-1246, CVE-2011-1250, CVE-2011-1251, CVE-2011-1252, CVE-2011-1254, CVE-2011-1255, CVE-2011-1256, CVE-2011-1258, CVE-2011-1260, CVE-2011-1261, CVE-2011-1262 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Active Directory Denial of Service Vulnerability (953235)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
- Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)