Lucene search
Symantec Security ResponseSMNTC-64115HistoryDec 10, 2013 - 12:00 a.m.
Microsoft Internet Explorer Enhanced Protected Mode CVE-2013-5045 Security Bypass Vulnerability
2013-12-1000:00:00
Symantec Security Response
www.symantec.com
10
0.001 Low
EPSS
Percentile
34.3%
Description
Microsoft Internet Explorer is prone to a security-bypass vulnerability in the Enhanced Protected Mode. An attacker can exploit this issue to bypass Enhanced Protected Mode restrictions and execute arbitrary code with elevated privileges.
Technologies Affected
- Avaya Aura Conferencing Standard
- Avaya CallPilot 4.0
- Avaya CallPilot 4.0.1
- Avaya CallPilot 5.0
- Avaya CallPilot 5.0.1
- Avaya CallPilot
- Avaya Communication Server 1000 Telephony Manager 3.0
- Avaya Communication Server 1000 Telephony Manager 3.0.1
- Avaya Communication Server 1000 Telephony Manager 4.0
- Avaya Communication Server 1000 Telephony Manager 4.0.1
- Avaya Communication Server 1000 Telephony Manager
- Avaya Conferencing Standard Edition 6.0
- Avaya Conferencing Standard Edition 6.0 SP1
- Avaya Conferencing Standard Edition 6.0.1
- Avaya Conferencing Standard Edition 7.0
- Avaya Meeting Exchange - Client Registration Server 5.0
- Avaya Meeting Exchange - Client Registration Server 5.0.1
- Avaya Meeting Exchange - Client Registration Server 5.2
- Avaya Meeting Exchange - Client Registration Server 5.2.1
- Avaya Meeting Exchange - Client Registration Server 6.0
- Avaya Meeting Exchange - Client Registration Server 6.2
- Avaya Meeting Exchange - Client Registration Server
- Avaya Meeting Exchange - Recording Server 5.0
- Avaya Meeting Exchange - Recording Server 5.0.1
- Avaya Meeting Exchange - Recording Server 5.2
- Avaya Meeting Exchange - Recording Server 5.2.1
- Avaya Meeting Exchange - Recording Server 6.0
- Avaya Meeting Exchange - Recording Server 6.2
- Avaya Meeting Exchange - Recording Server
- Avaya Meeting Exchange - Streaming Server 5.0
- Avaya Meeting Exchange - Streaming Server 5.0.1
- Avaya Meeting Exchange - Streaming Server 5.2
- Avaya Meeting Exchange - Streaming Server 5.2.1
- Avaya Meeting Exchange - Streaming Server 6.0
- Avaya Meeting Exchange - Streaming Server 6.2
- Avaya Meeting Exchange - Streaming Server
- Avaya Meeting Exchange - Web Conferencing Server 5.0
- Avaya Meeting Exchange - Web Conferencing Server 5.0.1
- Avaya Meeting Exchange - Web Conferencing Server 5.2
- Avaya Meeting Exchange - Web Conferencing Server 5.2.1
- Avaya Meeting Exchange - Web Conferencing Server 6.0
- Avaya Meeting Exchange - Web Conferencing Server 6.2
- Avaya Meeting Exchange - Web Conferencing Server
- Avaya Meeting Exchange - Webportal 5.0
- Avaya Meeting Exchange - Webportal 5.0.1
- Avaya Meeting Exchange - Webportal 5.2
- Avaya Meeting Exchange - Webportal 5.2.1
- Avaya Meeting Exchange - Webportal 6.0
- Avaya Meeting Exchange - Webportal 6.2
- Avaya Meeting Exchange - Webportal
- Avaya Messaging Application Server 4
- Avaya Messaging Application Server 5
- Avaya Messaging Application Server 5.0
- Avaya Messaging Application Server 5.0.1
- Avaya Messaging Application Server 5.2
- Avaya Messaging Application Server 5.2.1
- Avaya Messaging Application Server
- Avaya Messaging Application Server MM 1.1
- Avaya Messaging Application Server MM 2.0
- Avaya Messaging Application Server MM 3.0
- Avaya Messaging Application Server MM 3.1
- Microsoft Internet Explorer 10
- Microsoft Internet Explorer 11
Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Updates are available. Please see the references or vendor advisory for more information.
Related
cve
cve
CVE-2013-5045
2013-12-11 00:55:03
zdt
zdt
MS13-097 Registry Symlink IE Sandbox Escape Exploit
2014-06-27 00:00:00
prion
prion
Privilege escalation
2013-12-11 00:55:00
metasploit
metasploit
MS13-097 Registry Symlink IE Sandbox Escape
2014-05-29 16:42:54
packetstorm
packetstorm
MS13-097 Registry Symlink IE Sandbox Escape
2014-06-27 00:00:00
seebug
seebug
MS13-097 Registry Symlink IE Sandbox Escape
2014-07-01 00:00:00
cvelist
cvelist
CVE-2013-5045
2013-12-11 00:00:00
nvd
nvd
CVE-2013-5045
2013-12-11 00:55:03
exploitdb
exploitdb
Microsoft Registry Symlink - IE Sandbox Escape (MS13-097) (Metasploit)
2014-06-27 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2013-12-16 00:00:00
nessus
nessus
MS13-097: Cumulative Security Update for Internet Explorer (2898785)
2013-12-11 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2898785)
2013-12-11 00:00:00
mskb
mskb