The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MSIE

vulnerability alert CVE-2013-5329 CVE-2013-5330

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/11/2013.
Identifiers: 2755801, APSB13-26, BID-63680, BID-63683, CERTA-2013-AVI-636, CVE-2013-5329, CVE-2013-5330, openSUSE-SU-2013:1717-1, openSUSE-SU-2013:1737-1, RHSA-2013:1518-01, SUSE-SU-2013:1716-1, VIGILANCE-VUL-13771, ZDI-13-275.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63683, CVE-2013-5329]

An attacker can generate a memory corruption via AVM2, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63680, CVE-2013-5330, ZDI-13-275]

vulnerability bulletin CVE-2013-3918

Internet Explorer: memory corruption via InformationCardSigninHelper

Synthesis of the vulnerability

An attacker can generate a memory corruption in the InformationCardSigninHelper ActiveX via Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Impacted products: IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 12/11/2013.
Revision date: 12/11/2013.
Identifiers: 2900986, BID-63629, BID-63631, CERTA-2013-AVI-629, CVE-2013-3918, MS13-090, VIGILANCE-VUL-13743.

Description of the vulnerability

The InformationCardSigninHelper ActiveX (icardie.dll) is installed with Windows. It can be instantiated in Internet Explorer.

However, its memory can be corrupted when a CardSpaceClaimCollection object is processed.

An attacker can therefore generate a memory corruption in the InformationCardSigninHelper ActiveX via Internet Explorer, in order to trigger a denial of service, and possibly to execute code.

vulnerability note CVE-2013-3871 CVE-2013-3908 CVE-2013-3909

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 11.
Creation date: 12/11/2013.
Identifiers: 2888505, BID-62802, BID-63585, BID-63588, BID-63589, BID-63590, BID-63592, BID-63593, BID-63594, BID-63595, BID-63596, BID-63597, CERTA-2013-AVI-627, CVE-2013-3871, CVE-2013-3908, CVE-2013-3909, CVE-2013-3910, CVE-2013-3911, CVE-2013-3912, CVE-2013-3913-REJECT, CVE-2013-3914, CVE-2013-3915, CVE-2013-3916, CVE-2013-3917, MS13-088, VIGILANCE-VUL-13764, ZDI-13-232, ZDI-13-264, ZDI-13-265, ZDI-13-266, ZDI-13-267.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can use a freed memory area in CAnchorElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62802, BID-63589, CVE-2013-3871, ZDI-13-232]

An attacker can use Print Previews, in order to obtain sensitive information. [severity:2/4; BID-63585, CVE-2013-3908]

An attacker can use CSS, in order to obtain sensitive information. [severity:2/4; BID-63588, CVE-2013-3909]

An attacker can generate a memory corruption in CSelectTracker, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63590, CVE-2013-3910, ZDI-13-264]

An attacker can generate a memory corruption in CEditAdorner, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63592, CVE-2013-3911, ZDI-13-265]

An attacker can generate a memory corruption in CTreePos, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63593, CVE-2013-3912, ZDI-13-266]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2013-3913-REJECT]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63594, CVE-2013-3914]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63595, CVE-2013-3915]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63596, CVE-2013-3916]

An attacker can generate a memory corruption in CHTMLEditor, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63597, CVE-2013-3917, ZDI-13-267]

computer vulnerability note CVE-2013-3871

Internet Explorer: use after free via CAnchorElement

Synthesis of the vulnerability

An attacker can use a freed memory area in CAnchorElement of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Impacted products: IE.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 11/10/2013.
Identifiers: 2879017, BID-62802, CVE-2013-3871, MS13-080, VIGILANCE-VUL-13589, ZDI-13-232.

Description of the vulnerability

An attacker can use a freed memory area in CAnchorElement of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.

Note: this vulnerability was announced as fixed by MS13-080 (VIGILANCE-SOL-31769), but this is not the case.

vulnerability announce CVE-2013-3871 CVE-2013-3872 CVE-2013-3873

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 08/10/2013.
Identifiers: 2879017, BID-62802, BID-62803, BID-62804, BID-62805, BID-62806, BID-62808, BID-62809, BID-62810, BID-62811, BID-63589, CERTA-2013-AVI-559, CVE-2013-3871, CVE-2013-3872, CVE-2013-3873, CVE-2013-3874, CVE-2013-3875, CVE-2013-3882, CVE-2013-3885, CVE-2013-3886, CVE-2013-3897, MS13-080, VIGILANCE-VUL-13562, ZDI-13-232, ZDI-13-233, ZDI-13-234, ZDI-13-236.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can use a freed memory area in CAnchorElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62802, BID-63589, CVE-2013-3871, ZDI-13-232]

An attacker can use a freed memory area in CLayout, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62803, CVE-2013-3872, ZDI-13-236]

An attacker can use a freed memory area in HtmlLayout::SmartObject, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62804, CVE-2013-3873, ZDI-13-233]

An attacker can use a freed memory area in CFontElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62805, CVE-2013-3874, ZDI-13-234]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62806, CVE-2013-3875]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62808, CVE-2013-3882]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62809, CVE-2013-3885]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62810, CVE-2013-3886]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62811, CVE-2013-3897]

computer vulnerability bulletin CVE-2013-3893

Internet Explorer: use after free via SetMouseCapture

Synthesis of the vulnerability

An attacker can use a freed memory area in SetMouseCapture() of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 18/09/2013.
Identifiers: 2879017, 2887505, BID-62453, CERTA-2013-ALE-006, CVE-2013-3893, MS13-080, VIGILANCE-VUL-13438.

Description of the vulnerability

The mshtml.dll library is used by Internet Explorer, in order to analyze HTML data.

This DLL uses the CDoc::SetMouseCapture() function. However, its parameters are not correctly checked, and a memory area is then freed twice.

An attacker can therefore use a freed memory area in SetMouseCapture() of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability note CVE-2013-3201 CVE-2013-3202 CVE-2013-3203

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 10/09/2013.
Identifiers: 2870699, BID-62187, BID-62204, BID-62206, BID-62207, BID-62208, BID-62209, BID-62211, BID-62212, BID-62213, BID-62214, CERTA-2013-AVI-514, CVE-2013-3201, CVE-2013-3202, CVE-2013-3203, CVE-2013-3204, CVE-2013-3205, CVE-2013-3206, CVE-2013-3207, CVE-2013-3208, CVE-2013-3209, CVE-2013-3845, MS13-069, VIGILANCE-VUL-13399, ZDI-13-216, ZDI-13-217, ZDI-13-218, ZDI-13-219, ZDI-13-220, ZDI-13-221, ZDI-13-222, ZDI-13-223, ZDI-13-224.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62187, CVE-2013-3201, ZDI-13-224]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62204, CVE-2013-3202, ZDI-13-216]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62206, CVE-2013-3203, ZDI-13-223]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62207, CVE-2013-3204]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62208, CVE-2013-3205, ZDI-13-217]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62209, CVE-2013-3206, ZDI-13-218]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62211, CVE-2013-3207, ZDI-13-219]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62212, CVE-2013-3208, ZDI-13-220]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62213, CVE-2013-3209, ZDI-13-221]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62214, CVE-2013-3845, ZDI-13-222]

vulnerability note CVE-2013-3361 CVE-2013-3362 CVE-2013-3363

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/09/2013.
Identifiers: 2755801, APSB13-21, BID-62290, BID-62294, BID-62295, BID-62296, CERTA-2013-AVI-509, CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324, openSUSE-SU-2013:1456-1, openSUSE-SU-2013:1459-1, RHSA-2013:1256-01, SUSE-SU-2013:1464-1, VIGILANCE-VUL-13394.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62290, CVE-2013-3361]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62294, CVE-2013-3362]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62295, CVE-2013-3363]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62296, CVE-2013-5324]

vulnerability bulletin CVE-2013-3115 CVE-2013-3143 CVE-2013-3144

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on the victim's computer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 09/07/2013.
Revision date: 06/09/2013.
Identifiers: 2846071, BID-60941, BID-60957, BID-60962, BID-60963, BID-60964, BID-60965, BID-60966, BID-60967, BID-60968, BID-60969, BID-60970, BID-60971, BID-60972, BID-60973, BID-60974, BID-60975, BID-60976, BID-61482, BID-62372, BID-62376, CERTA-2013-AVI-401, CVE-2013-3115, CVE-2013-3143, CVE-2013-3144, CVE-2013-3145, CVE-2013-3146, CVE-2013-3147, CVE-2013-3148, CVE-2013-3149, CVE-2013-3150, CVE-2013-3151, CVE-2013-3152, CVE-2013-3153, CVE-2013-3161, CVE-2013-3162, CVE-2013-3163, CVE-2013-3164, CVE-2013-3166, CVE-2013-3846, CVE-2013-4015, MS13-055, VIGILANCE-VUL-13083, ZDI-13-162, ZDI-13-163, ZDI-13-164, ZDI-13-165, ZDI-13-166, ZDI-13-167, ZDI-13-172, ZDI-13-173, ZDI-13-174, ZDI-13-175, ZDI-13-176, ZDI-13-231.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60957, CVE-2013-3115]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60962, CVE-2013-3143, ZDI-13-163]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60963, CVE-2013-3144, ZDI-13-172]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60964, CVE-2013-3145, ZDI-13-175]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60965, CVE-2013-3146, ZDI-13-176]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60966, CVE-2013-3147, ZDI-13-174]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60967, CVE-2013-3148, ZDI-13-162]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60968, CVE-2013-3149, ZDI-13-173]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60969, CVE-2013-3150, ZDI-13-164]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60970, CVE-2013-3151, ZDI-13-165]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60971, CVE-2013-3152, ZDI-13-166]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60972, CVE-2013-3153, ZDI-13-167]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60973, CVE-2013-3161]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60974, CVE-2013-3162]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60975, CVE-2013-3163]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60976, CVE-2013-3164]

An attacker can use a Shift JIS character, in order to obtain sensitive information. [severity:2/4; BID-60941, CVE-2013-3166]

A vulnerability allows an attacker to bypass security measures. [severity:2/4; BID-61482, CVE-2013-4015]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62372, CVE-2013-3846, ZDI-13-231]

An attacker can use a freed memory area in CAnchorElement, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-62376]

An attacker can therefore invite the victim to display a malicious site with Internet Explorer, in order to execute code on the victim's computer.

vulnerability bulletin CVE-2013-3184 CVE-2013-3186 CVE-2013-3187

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on the victim's computer.
Impacted products: IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 11.
Creation date: 13/08/2013.
Identifiers: 2862772, BID-61663, BID-61664, BID-61668, BID-61669, BID-61670, BID-61671, BID-61675, BID-61677, BID-61678, BID-61679, BID-61680, CERTA-2013-AVI-470, CVE-2013-3184, CVE-2013-3186, CVE-2013-3187, CVE-2013-3188, CVE-2013-3189, CVE-2013-3190, CVE-2013-3191, CVE-2013-3192, CVE-2013-3193, CVE-2013-3194, CVE-2013-3199, MS13-059, VIGILANCE-VUL-13273, ZDI-13-193, ZDI-13-194, ZDI-13-195, ZDI-13-196, ZDI-13-197, ZDI-13-198.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption in CreateMarkupPointer2 and CFlatMarkupPointer, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-61668, CVE-2013-3184, ZDI-13-194, ZDI-13-195]

An attacker can use the process integrity feature, in order to escalate privileges. [severity:2/4; BID-61663, CVE-2013-3186]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-61669, CVE-2013-3187]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-61670, CVE-2013-3188]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-61671, CVE-2013-3189]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-61675, CVE-2013-3190]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-61677, CVE-2013-3191]

An attacker can use an EUC-JP Character Encoding, in order to obtain sensitive information. [severity:2/4; BID-61664, CVE-2013-3192]

An attacker can generate a memory corruption via selectAll/RemoveFormat, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-61678, CVE-2013-3193, ZDI-13-196]

An attacker can generate a memory corruption via CMarkup, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-61679, CVE-2013-3194, ZDI-13-198]

An attacker can generate a memory corruption via Undo, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-61680, CVE-2013-3199, ZDI-13-197]

An attacker can therefore invite the victim to display a malicious site with Internet Explorer, in order to execute code on the victim's computer.