Microsoft Internet Explorer Object Access Memory Corruption Vulnerability

Last Update Date: 18 Sep 2013 09:24 Release Date: 18 Sep 2013 4272 Views

RISK: Extremely High Risk

TYPE: Clients - Browsers

A vulnerability was identified in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

NOTE:

This vulnerability is being actively exploited against Internet Explorer versions 8 and 9.
Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Server 2012, and Windows Server 2012 R2 are not affected.

Impact

Remote Code Execution

System / Technologies affected

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11

Solutions

NOTE: No solution was available at the time of this entry.

Workarounds:

Apply the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround", that prevents exploitation of this issue.
See Microsoft Knowledge Base Article 2887505
Deploy the Enhanced Mitigation Experience Toolkit
For more information, see Microsoft Knowledge Base Article 2458544.

Vulnerability Identifier

CVE-2013-3893

Microsoft Internet Explorer Object Access Memory Corruption Vulnerability

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link