The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MSIE

vulnerability note CVE-2014-0491 CVE-2014-0492

Adobe Flash Player: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/01/2014.
Identifiers: 2755801, APSB14-02, BID-64807, BID-64810, CERTA-2014-AVI-019, CVE-2014-0491, CVE-2014-0492, openSUSE-SU-2014:0128-1, RHSA-2014:0028-01, VIGILANCE-VUL-14094, ZDI-14-014.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can bypass security protections, in order to execute code. [severity:3/4; BID-64807, CVE-2014-0491]

An attacker can bypass the ASLR protection via Jump Opcode. [severity:2/4; BID-64810, CVE-2014-0492, ZDI-14-014]

computer vulnerability alert CVE-2013-5045 CVE-2013-5046 CVE-2013-5047

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 10/12/2013.
Identifiers: 2898785, BID-64115, BID-64117, BID-64119, BID-64120, BID-64123, BID-64124, BID-64126, CERTA-2013-AVI-663, CVE-2013-5045, CVE-2013-5046, CVE-2013-5047, CVE-2013-5048, CVE-2013-5049, CVE-2013-5051, CVE-2013-5052, MS13-097, VIGILANCE-VUL-13926, ZDI-13-271, ZDI-13-272, ZDI-13-273.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can escalate his privileges. [severity:2/4; BID-64115, CVE-2013-5045]

An attacker can escalate his privileges. [severity:2/4; BID-64120, CVE-2013-5046]

An attacker can generate a memory corruption in CMarkup::Insert, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64117, CVE-2013-5047, ZDI-13-272]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64119, CVE-2013-5048, ZDI-13-271]

An attacker can generate a memory corruption in CObjectElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64123, CVE-2013-5049, ZDI-13-273]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64124, CVE-2013-5051]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64126, CVE-2013-5052]

vulnerability bulletin CVE-2013-5331 CVE-2013-5332

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/12/2013.
Identifiers: 2755801, APSB13-28, BID-64199, BID-64201, CERTA-2013-AVI-660, CVE-2013-5331, CVE-2013-5332, openSUSE-SU-2013:1898-1, openSUSE-SU-2013:1915-1, RHSA-2013:1818-01, SUSE-SU-2013:1896-1, VIGILANCE-VUL-13923.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64199, CVE-2013-5331]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64201, CVE-2013-5332]

vulnerability alert CVE-2013-5329 CVE-2013-5330

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/11/2013.
Identifiers: 2755801, APSB13-26, BID-63680, BID-63683, CERTA-2013-AVI-636, CVE-2013-5329, CVE-2013-5330, openSUSE-SU-2013:1717-1, openSUSE-SU-2013:1737-1, RHSA-2013:1518-01, SUSE-SU-2013:1716-1, VIGILANCE-VUL-13771, ZDI-13-275.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63683, CVE-2013-5329]

An attacker can generate a memory corruption via AVM2, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63680, CVE-2013-5330, ZDI-13-275]

vulnerability bulletin CVE-2013-3918

Internet Explorer: memory corruption via InformationCardSigninHelper

Synthesis of the vulnerability

An attacker can generate a memory corruption in the InformationCardSigninHelper ActiveX via Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Impacted products: IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 12/11/2013.
Revision date: 12/11/2013.
Identifiers: 2900986, BID-63629, BID-63631, CERTA-2013-AVI-629, CVE-2013-3918, MS13-090, VIGILANCE-VUL-13743.

Description of the vulnerability

The InformationCardSigninHelper (icardie.dll) ActiveX is installed with Windows. It can be instantiated in Internet Explorer.

However, it can corrupt its memory when a CardSpaceClaimCollection object is processed.

An attacker can therefore generate a memory corruption in the InformationCardSigninHelper ActiveX via Internet Explorer, in order to trigger a denial of service, and possibly to execute code.

vulnerability note CVE-2013-3871 CVE-2013-3908 CVE-2013-3909

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 11.
Creation date: 12/11/2013.
Identifiers: 2888505, BID-62802, BID-63585, BID-63588, BID-63589, BID-63590, BID-63592, BID-63593, BID-63594, BID-63595, BID-63596, BID-63597, CERTA-2013-AVI-627, CVE-2013-3871, CVE-2013-3908, CVE-2013-3909, CVE-2013-3910, CVE-2013-3911, CVE-2013-3912, CVE-2013-3913-REJECT, CVE-2013-3914, CVE-2013-3915, CVE-2013-3916, CVE-2013-3917, MS13-088, VIGILANCE-VUL-13764, ZDI-13-232, ZDI-13-264, ZDI-13-265, ZDI-13-266, ZDI-13-267.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can use a freed memory area in CAnchorElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62802, BID-63589, CVE-2013-3871, ZDI-13-232]

An attacker can use Print Previews, in order to obtain sensitive information. [severity:2/4; BID-63585, CVE-2013-3908]

An attacker can use CSS, in order to obtain sensitive information. [severity:2/4; BID-63588, CVE-2013-3909]

An attacker can generate a memory corruption in CSelectTracker, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63590, CVE-2013-3910, ZDI-13-264]

An attacker can generate a memory corruption in CEditAdorner, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63592, CVE-2013-3911, ZDI-13-265]

An attacker can generate a memory corruption in CTreePos, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63593, CVE-2013-3912, ZDI-13-266]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2013-3913-REJECT]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63594, CVE-2013-3914]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63595, CVE-2013-3915]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63596, CVE-2013-3916]

An attacker can generate a memory corruption in CHTMLEditor, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-63597, CVE-2013-3917, ZDI-13-267]

computer vulnerability note CVE-2013-3871

Internet Explorer: use after free via CAnchorElement

Synthesis of the vulnerability

An attacker can use a freed memory area in CAnchorElement of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Impacted products: IE.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 11/10/2013.
Identifiers: 2879017, BID-62802, CVE-2013-3871, MS13-080, VIGILANCE-VUL-13589, ZDI-13-232.

Description of the vulnerability

An attacker can use a freed memory area in CAnchorElement of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.

Note: this vulnerability was announced as fixed by MS13-080 (VIGILANCE-SOL-31769), but this is not the case.

vulnerability announce CVE-2013-3871 CVE-2013-3872 CVE-2013-3873

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 08/10/2013.
Identifiers: 2879017, BID-62802, BID-62803, BID-62804, BID-62805, BID-62806, BID-62808, BID-62809, BID-62810, BID-62811, BID-63589, CERTA-2013-AVI-559, CVE-2013-3871, CVE-2013-3872, CVE-2013-3873, CVE-2013-3874, CVE-2013-3875, CVE-2013-3882, CVE-2013-3885, CVE-2013-3886, CVE-2013-3897, MS13-080, VIGILANCE-VUL-13562, ZDI-13-232, ZDI-13-233, ZDI-13-234, ZDI-13-236.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can use a freed memory area in CAnchorElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62802, BID-63589, CVE-2013-3871, ZDI-13-232]

An attacker can use a freed memory area in CLayout, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62803, CVE-2013-3872, ZDI-13-236]

An attacker can use a freed memory area in HtmlLayout::SmartObject, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62804, CVE-2013-3873, ZDI-13-233]

An attacker can use a freed memory area in CFontElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62805, CVE-2013-3874, ZDI-13-234]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62806, CVE-2013-3875]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62808, CVE-2013-3882]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62809, CVE-2013-3885]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62810, CVE-2013-3886]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62811, CVE-2013-3897]

computer vulnerability bulletin CVE-2013-3893

Internet Explorer: use after free via SetMouseCapture

Synthesis of the vulnerability

An attacker can use a freed memory area in SetMouseCapture() of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 18/09/2013.
Identifiers: 2879017, 2887505, BID-62453, CERTA-2013-ALE-006, CVE-2013-3893, MS13-080, VIGILANCE-VUL-13438.

Description of the vulnerability

The mshtml.dll library is used by Internet Explorer, in order to analyze HTML data.

This DLL uses the CDoc::SetMouseCapture() function. However, its parameters are not correctly checked, and a memory area is then freed twice.

An attacker can therefore use a freed memory area in SetMouseCapture() of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability note CVE-2013-3201 CVE-2013-3202 CVE-2013-3203

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 10/09/2013.
Identifiers: 2870699, BID-62187, BID-62204, BID-62206, BID-62207, BID-62208, BID-62209, BID-62211, BID-62212, BID-62213, BID-62214, CERTA-2013-AVI-514, CVE-2013-3201, CVE-2013-3202, CVE-2013-3203, CVE-2013-3204, CVE-2013-3205, CVE-2013-3206, CVE-2013-3207, CVE-2013-3208, CVE-2013-3209, CVE-2013-3845, MS13-069, VIGILANCE-VUL-13399, ZDI-13-216, ZDI-13-217, ZDI-13-218, ZDI-13-219, ZDI-13-220, ZDI-13-221, ZDI-13-222, ZDI-13-223, ZDI-13-224.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62187, CVE-2013-3201, ZDI-13-224]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62204, CVE-2013-3202, ZDI-13-216]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62206, CVE-2013-3203, ZDI-13-223]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62207, CVE-2013-3204]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62208, CVE-2013-3205, ZDI-13-217]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62209, CVE-2013-3206, ZDI-13-218]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62211, CVE-2013-3207, ZDI-13-219]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62212, CVE-2013-3208, ZDI-13-220]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62213, CVE-2013-3209, ZDI-13-221]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62214, CVE-2013-3845, ZDI-13-222]