Summary
This host is missing a critical security update according to Microsoft Bulletin MS13-059.
Impact
Successful exploitation will allow attackers to corrupt memory by the execution of arbitrary code in the context of the current user.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-059
Insight
Multiple flaws due to,
- Error when handling process integrity level assignments and EUC-JP character encoding.
- Multiple unspecified errors.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2013-3184, CVE-2013-3186, CVE-2013-3187, CVE-2013-3188, CVE-2013-3189, CVE-2013-3190, CVE-2013-3191, CVE-2013-3192, CVE-2013-3193, CVE-2013-3194, CVE-2013-3199 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ADODB.Stream object from Internet Explorer (KB870669)
- Cumulative Security Update for Internet Explorer (937143)
- Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)
- Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)