Internet Explorer Use-After-Free Memory Corruption (MS13-055)

2013-10-09T00:00:00
ID SAINT:C9C9BC7CD43A4882EA2DECD2E13E4CBA
Type saint
Reporter SAINT Corporation
Modified 2013-10-09T00:00:00

Description

Added: 10/09/2013
CVE: CVE-2013-3163
BID: 60975
OSVDB: 94981

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Microsoft Internet Explorer contains a use-after-free error which can lead to memory corruption in such a way as to allow remote code execution in the context of the current user.

Resolution

Apply the KB2846071 update for Internet Explorer.

References

<http://blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx>
<http://technet.microsoft.com/security/bulletin/MS13-055>

Limitations

Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

JRE 6 must be installed on Windows 7.

The user must open the exploit in Internet Explorer 8.

Platforms

Windows