Summary
This host is missing a critical security update according to Microsoft Bulletin MS13-059.
Impact
Successful exploitation will allow attackers to corrupt memory by the execution of arbitrary code in the context of the current user.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-059
Insight
Multiple flaws due to,
- Error when handling process integrity level assignments and EUC-JP character encoding.
- Multiple unspecified errors.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2013-3184, CVE-2013-3186, CVE-2013-3187, CVE-2013-3188, CVE-2013-3189, CVE-2013-3190, CVE-2013-3191, CVE-2013-3192, CVE-2013-3193, CVE-2013-3194, CVE-2013-3199 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
- Buffer Overrun in Messenger Service (828035)
- Microsoft DirectAccess Security Advisory (2862152)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)