[PCWorks] Internet Explorer Multiple Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Wed, 13 Feb 2013 00:26:25 -0600

TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities

Criticality level: Highly critical
Impact: Exposure of sensitive information
Where: From remote

Software:
 Microsoft Internet Explorer 6.x
 Microsoft Internet Explorer 7.x
 Microsoft Internet Explorer 8.x
 Microsoft Internet Explorer 9.x
 Microsoft Internet Explorer 10.x

SECUNIA ADVISORY ID:
http://secunia.com/advisories/52122/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft 
Internet
Explorer, which can be exploited by malicious people to 
disclose
sensitive information and compromise a user's system.

1) An error when handling the encoding for Shift_JIS 
auto-selection
can be exploited to gain access to information in another 
domain or
Internet Explorer zone.

2) A use-after-free error related to SetCapture can be 
exploited to
access an already freed object.

3) A use-after-free error related to COmWindowProxy can be 
exploited
to access an already freed object.

4) A use-after-free error related to CMarkup can be exploited 
to
access an already freed object.

5) A use-after-free error related to vtable can be exploited to
access an already freed object.

6) A use-after-free error related to LsGetTrailInfo can be 
exploited
to access an already freed object.

7) A use-after-free error related to CDispNode can be exploited 
to
access an already freed object.

8) A use-after-free error related to pasteHTML can be exploited 
to
access an already freed object.

9) A use-after-free error related to SLayoutRun can be 
exploited to
access an already freed object.

10) A use-after-free error related to InsertElement can be 
exploited
to access an already freed object.

11) A use-after-free error related to CPasteCommand can be 
exploited
to access an already freed object.

12) A use-after-free error related to CObjectElement can be 
exploited
to access an already freed object.

13) A use-after-free error related to CHTML can be exploited to
access an already freed object.

Successful exploitation of the vulnerabilities #2 through #13 
allows
the execution of arbitrary code.

SOLUTION:
Apply updates.

ORIGINAL ADVISORY:
MS13-009 (KB2792100)
http://technet.microsoft.com/en-us/security/bulletin/ms13-009


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Internet Explorer Multiple Vulnerabilities
• » [PCWorks] Internet Explorer Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Internet Explorer Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Internet Explorer Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Internet Explorer Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Internet Explorer Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Internet Explorer Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Internet Explorer Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 02-2013

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---