Windows : Microsoft Bulletins : Microsoft Internet Explorer Remote Code Execution Vulnerability (2794220)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902699

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Internet Explorer Remote Code Execution Vulnerability (2794220)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS13-008.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS13-008.

Vulnerability Insight:
Flaw exists due to the way that Internet Explorer accesses an object that has
been deleted or has not been properly allocated and causing use-after-free error when handling the CDwnBindInfo object.

Vulnerability Impact:
Successful exploitation could will remote attackers to gain sensitive
information or execute arbitrary code in the context of the current user.

Affected Software/OS:
Microsoft Internet Explorer version 6.x/7.x/8.x.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4792
Cert/CC Advisory: TA13-008A
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Cert/CC Advisory: TA13-015A
http://www.us-cert.gov/cas/techalerts/TA13-015A.html
CERT/CC vulnerability note: VU#154201
http://www.kb.cert.org/vuls/id/154201
http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html
http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/
http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb
Microsoft Security Bulletin: MS13-008
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16361

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902699
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Internet Explorer Remote Code Execution Vulnerability (2794220)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS13-008.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS13-008. Vulnerability Insight: Flaw exists due to the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated and causing use-after-free error when handling the CDwnBindInfo object. Vulnerability Impact: Successful exploitation could will remote attackers to gain sensitive information or execute arbitrary code in the context of the current user. Affected Software/OS: Microsoft Internet Explorer version 6.x/7.x/8.x. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4792 Cert/CC Advisory: TA13-008A http://www.us-cert.gov/cas/techalerts/TA13-008A.html Cert/CC Advisory: TA13-015A http://www.us-cert.gov/cas/techalerts/TA13-015A.html CERT/CC vulnerability note: VU#154201 http://www.kb.cert.org/vuls/id/154201 http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/ http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb Microsoft Security Bulletin: MS13-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16361
Copyright	Copyright (C) 2013 Greenbone AG