Summary
This host is missing a critical security update according to Microsoft Bulletin MS13-090.
Impact
Successful exploitation allows execution of arbitrary code when viewing a specially crafted web page using Internet Explorer.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms13-090
Insight
Flaw in the InformationCardSigninHelper Class ActiveX control (icardie.dll) and can be exploited to corrupt the system state.
Affected
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1 x32/x64 Edition
Microsoft Windows XP x32 Edition Service Pack 3 and prior Microsoft Windows XP x64 Edition Service Pack 2 and prior Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior
Detection
Get the ActiveX control (CLSID) information from registry and check appropriate patch is applied or not.
References
- http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx
- http://osvdb.org/99555
- http://secunia.com/advisories/55611
- http://www.fireeye.com/blog/uncategorized/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html
- http://www.zdnet.com/microsoft-to-patch-zero-day-bug-tuesday-7000023066/
- https://technet.microsoft.com/en-us/security/bulletin/ms13-090
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-3918 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Cumulative Patch for Internet Information Services (Q327696)
- Cumulative Security Update for Internet Explorer (950759)
- Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
- Flaw in Microsoft VM Could Allow Code Execution (810030)