MS Internet Explorer Remote Code Execution Vulnerability (2847140) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS13-038.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code and failed attacks will cause denial of service conditions. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-038

Insight

use-after-free error when handling 'CGenericElement'

Affected

Microsoft Internet Explorer version 8.x and 9.x

References

http://secunia.com/advisories/53314
http://support.microsoft.com/kb/2847140
http://www.exploit-db.com/exploits/25294
https://technet.microsoft.com/en-us/security/bulletin/ms13-038

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-1347

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Checks for MS HOTFIX for snmp buffer overruns
Microsoft Groove Remote Code Execution Vulnerability (2494047)
Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
Microsoft Data Analyzer ActiveX Control Vulnerability (978262)

Take action and discover your vulnerabilities