CIS CYBER SECURITY ADVISORIES
MS-ISAC CYBER SECURITY ADVISORY NUMBER:
Cumulative Security Update for Internet Explorer (MS13-059)
Multiple vulnerabilities have been discovered in Microsoft's web browser, Internet Explorer, which could allow an attacker to take complete control of an affected system. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: High
Multiple vulnerabilities have been discovered in Internet Explorer. The details of these vulnerabilities are as follows:
Internet Explorer Process Integrity Level Assignment Vulnerability: An elevation of privilege vulnerability exists in Internet Explorer that could allow arbitrary code execution. This vulnerability could be used in conjunction with another vulnerability that allowed remote code execution. Utilizing the two vulnerabilities, an attacker could cause the arbitrary code to run at an elevated permission level. An attacker who successfully exploited this vulnerability could elevate the privileges of a process that is launched by Internet Explorer to run in the security context of the current user.
EUC-JP Character Encoding Vulnerability: A cross-site-scripting (XSS) vulnerability exists in Internet Explorer that could allow information disclosure. An attacker could exploit the vulnerability by constructing a specially crafted webpage that could allow information disclosure if a user viewed the webpage. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks, resulting in information disclosure when a user viewed a target website.
Multiple Memory Corruption Vulnerabilities: Multiple memory corruption vulnerabilities exist due to Internet Explorer improperly accessing objects in memory. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.