TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities

Criticality level: Highly critical
Impact: Exposure of sensitive information
Where: From remote

Software:
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x
Microsoft Internet Explorer 10.x

SECUNIA ADVISORY ID:
http://secunia.com/advisories/52122/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.

1) An error when handling the encoding for Shift_JIS auto-selection can be exploited to gain access to information in another domain or Internet Explorer zone.

2) A use-after-free error related to SetCapture can be exploited to access an already freed object.

3) A use-after-free error related to COmWindowProxy can be exploited to access an already freed object.

4) A use-after-free error related to CMarkup can be exploited to access an already freed object.

5) A use-after-free error related to vtable can be exploited to access an already freed object.

6) A use-after-free error related to LsGetTrailInfo can be exploited to access an already freed object.

7) A use-after-free error related to CDispNode can be exploited to access an already freed object.

8) A use-after-free error related to pasteHTML can be exploited to access an already freed object.

9) A use-after-free error related to SLayoutRun can be exploited to access an already freed object.

10) A use-after-free error related to InsertElement can be exploited to access an already freed object.

11) A use-after-free error related to CPasteCommand can be exploited to access an already freed object.

12) A use-after-free error related to CObjectElement can be exploited to access an already freed object.

13) A use-after-free error related to CHTML can be exploited to access an already freed object.

Successful exploitation of the vulnerabilities #2 through #13 allows the execution of arbitrary code.

SOLUTION:
Apply updates.

ORIGINAL ADVISORY:
MS13-009 (KB2792100)
http://technet.microsoft.com/en-us/security/bulletin/ms13-009