Lucene search

K
saintSAINT CorporationSAINT:3EF0C66878E70BB3C355385365B1DFBF
HistoryMay 08, 2013 - 12:00 a.m.

Internet Explorer CGenericElement Object Use-after-free Vulnerability

2013-05-0800:00:00
SAINT Corporation
www.saintcorporation.com
21

EPSS

0.974

Percentile

99.9%

Added: 05/08/2013
CVE: CVE-2013-1347
BID: 59641
OSVDB: 92993

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This use-after-free vulnerability is triggered when handling CGenericElement objects.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 13-028.

References

<http://technet.microsoft.com/en-us/security/advisory/2847140&gt;
<https://technet.microsoft.com/en-us/security/bulletin/ms13-028&gt;

Limitations

This exploit was tested against Microsoft Internet Explorer 8 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

Successful exploit on Windows 7 requires that JRE 6 be installed.

Platforms

Windows