Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (2497640) |
Informations | |||
---|---|---|---|
Name | MS11-018 | First vendor Publication | 2011-04-12 |
Vendor | Microsoft | Last vendor Modification | 2011-05-16 |
Severity (Vendor) | Critical | Revision | 2.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V2.0 (May 16, 2011): Bulletin rereleased to reoffer the update for Internet Explorer 7 on supported editions of Windows XP and Windows Server 2003. This is a detection change only. There were no changes to the binaries. Only affected customers will be offered the update. Customers who have installed the update manually and customers running configurations not targeted by the change to detection logic do not need to take any action.Summary: This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS11-018.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-399 | Resource Management Errors |
33 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11838 | |||
Oval ID: | oval:org.mitre.oval:def:11838 | ||
Title: | DEPRECATED: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 | ||
Description: | Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0346 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11882 | |||
Oval ID: | oval:org.mitre.oval:def:11882 | ||
Title: | MSHTML Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0346 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11926 | |||
Oval ID: | oval:org.mitre.oval:def:11926 | ||
Title: | Frame Tag Information Disclosure Vulnerability | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1244 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12228 | |||
Oval ID: | oval:org.mitre.oval:def:12228 | ||
Title: | Object Management Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1345 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12385 | |||
Oval ID: | oval:org.mitre.oval:def:12385 | ||
Title: | Javascript Information Disclosure Vulnerability | ||
Description: | Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1245 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12463 | |||
Oval ID: | oval:org.mitre.oval:def:12463 | ||
Title: | Layouts Handling Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0094 | Version: | 8 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2011-04-13 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2497640) File : nvt/secpod_ms11-018.nasl |
2011-02-01 | Name : Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulner... File : nvt/gb_ms_ie_releaseinterface_code_execution_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71777 | Microsoft IE Frame Tag Handling Information Disclosure Microsoft IE contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when the program fails to properly enforce content access domain restrictions, which will disclose sensitive information to a context-dependent attacker via a crafted web page. This vulnerability has also been reported to allow clickjacking attacks. |
71726 | Microsoft IE JavaScript Unspecified Cross-domain Information Disclosure Microsoft IE contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when the program fails to restrict scripts from accessing cross-domain or zone content, which will disclose sensitive information to a context-dependent attacker using a crafted web page. |
71725 | Microsoft IE Object Management onPropertyManagement Processing Memory Corruption A memory corruption flaw exists in Microsoft IE. The program fails to sanitize user-supplied input during onPropertyChange function calls, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code. |
71724 | Microsoft IE Layouts Handling Memory Corruption A memory corruption flaw exists in Microsoft IE. The program fails to sanitize user-supplied input when handling objects in memory which were not previously initialized or have been deleted, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code. |
70391 | Microsoft IE MSHTML.DLL ReleaseInterface Function Use-after-free Arbitrary Co... Microsoft IE contains a user-after-free vulnerability related to the ReleaseInterface function in MSHTML.DLL. This may allow a context-dependent attacker to use a crafted web page to execute arbitrary code via vectors related to DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions. |
Snort® IPS/IDS
Date | Description |
---|---|
2016-04-05 | Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt RuleID : 37881 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer object management memory corruption attempt RuleID : 28259 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer object management memory corruption attempt RuleID : 28258 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt RuleID : 24872 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt RuleID : 24871 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt RuleID : 24870 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt RuleID : 24869 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer object management memory corruption attempt RuleID : 18671 - Revision : 17 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer object management memory corruption attempt RuleID : 18670 - Revision : 17 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer cross-domain object manipulation attempt RuleID : 18669 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 6/7 CSS swapNode memory corruption attempt RuleID : 18646 - Revision : 6 - Type : SPECIFIC-THREATS |
2014-01-10 | Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt RuleID : 16377 - Revision : 18 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-04-13 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms11-018.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-03-20 21:21:08 |
|
2014-02-17 11:46:54 |
|
2014-01-19 21:30:38 |
|