Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.03.2013
Published:24.03.2013
Source:
SecurityVulns ID:12947
Type:client
Threat Level:
7/10
Description:Multiple use-after-free vulnerabilities.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability.")
 CVE-2013-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability.")
 CVE-2013-0093 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability.")
 CVE-2013-0092 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability.")
 CVE-2013-0091 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability.")
 CVE-2013-0090 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability.")
 CVE-2013-0089 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability.")
 CVE-2013-0088 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability.")
 CVE-2013-0087 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability.")
Original documentdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087) (24.03.2013)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) (24.03.2013)
Files:Microsoft Security Bulletin MS13-021 - Critical Cumulative Security Update for Internet Explorer (2809289)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod