Executive Summary

Summary
TitleCumulative Security Update for Internet Explorer (2870699)
Informations
NameMS13-069First vendor Publication2013-09-10
VendorMicrosoftLast vendor Modification2013-09-10
Severity (Vendor) CriticalRevision1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.0 (September 10, 2013): Bulletin published.

Summary: This security update resolves ten privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms13-069

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18650
 
Oval ID: oval:org.mitre.oval:def:18650
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3209) - MS13-069
Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3207.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3209
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18114
 
Oval ID: oval:org.mitre.oval:def:18114
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3208) - MS13-069
Description: Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3208
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18696
 
Oval ID: oval:org.mitre.oval:def:18696
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3205) - MS13-069
Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3205
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18964
 
Oval ID: oval:org.mitre.oval:def:18964
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3207) - MS13-069
Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3209.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3207
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18975
 
Oval ID: oval:org.mitre.oval:def:18975
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3204) - MS13-069
Description: Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3204
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18916
 
Oval ID: oval:org.mitre.oval:def:18916
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3203) - MS13-069
Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3203
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18651
 
Oval ID: oval:org.mitre.oval:def:18651
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3201) - MS13-069
Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3203, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3201
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18557
 
Oval ID: oval:org.mitre.oval:def:18557
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3202) - MS13-069
Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3202
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18719
 
Oval ID: oval:org.mitre.oval:def:18719
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3845) - MS13-069
Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-3845
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18855
 
Oval ID: oval:org.mitre.oval:def:18855
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3206) - MS13-069
Description: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3207, and CVE-2013-3209.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3206
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application5

SAINT Exploits

DescriptionLink
Internet Explorer CCaret UpdateScreenCaret Memory CorruptionMore info here

ExploitDB Exploits

idDescription
2013-09-23MS13-069 Microsoft Internet Explorer CCaret Use-After-Free

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-09-12IAVM : 2013-A-0177 - Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity : Category I - VMSKEY : V0040288

Snort® IPS/IDS

DateDescription
2016-03-22Microsoft Internet Explorer CDisplayPointer use after free attempt
RuleID : 37811 - Revision : 1 - Type : BROWSER-IE
2016-03-22Microsoft Internet Explorer CDisplayPointer use after free attempt
RuleID : 37810 - Revision : 1 - Type : BROWSER-IE
2015-02-18Microsoft Internet Explorer CTreePos Use After Free attempt
RuleID : 33098 - Revision : 7 - Type : BROWSER-IE
2015-02-18Microsoft Internet Explorer CTreePos Use After Free attempt
RuleID : 33097 - Revision : 7 - Type : BROWSER-IE
2015-02-18Microsoft Internet Explorer CTreePos Use After Free attempt
RuleID : 33096 - Revision : 7 - Type : BROWSER-IE
2015-02-18Microsoft Internet Explorer CTreePos Use After Free attempt
RuleID : 33095 - Revision : 7 - Type : BROWSER-IE
2014-01-23Microsoft Internet Explorer CDisplayPointer use after free attempt
RuleID : 29035 - Revision : 5 - Type : BROWSER-IE
2014-01-23Microsoft Internet Explorer CDisplayPointer use after free attempt
RuleID : 29034 - Revision : 5 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer javascript call method type confusion attempt
RuleID : 28232 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer javascript call method type confusion attempt
RuleID : 28231 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer iframe execCommand use after free attempt
RuleID : 27846 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer iframe execCommand use after free attempt
RuleID : 27845 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer CTreePos object use-after-free attempt
RuleID : 27844 - Revision : 7 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer CTreePos object use-after-free attempt
RuleID : 27843 - Revision : 6 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer CSegment object use after free attempt
RuleID : 27842 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer 9 MutationEvent use after free attempt
RuleID : 27841 - Revision : 6 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer range markup switch use after free attempt
RuleID : 27840 - Revision : 3 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer range markup switch use after free attempt
RuleID : 27839 - Revision : 3 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer CDisplayPointer use after free attempt
RuleID : 27838 - Revision : 5 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer CDisplayPointer use after free attempt
RuleID : 27837 - Revision : 5 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer AddOption use after free attempt
RuleID : 27836 - Revision : 3 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer AddOption use after free attempt
RuleID : 27835 - Revision : 3 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer javascript apply method type confusion attempt
RuleID : 27834 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer javascript call method type confusion attempt
RuleID : 27833 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer javascript apply method type confusion attempt
RuleID : 27832 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer javascript call method type confusion attempt
RuleID : 27831 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer hgroup element DOM reset use after free attempt
RuleID : 27830 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer hgroup element DOM reset use after free attempt
RuleID : 27829 - Revision : 2 - Type : BROWSER-IE

Metasploit Database

idDescription
2013-09-10 MS13-069 Microsoft Internet Explorer CCaret Use-After-Free

Nessus® Vulnerability Scanner

DateDescription
2013-09-11Name : The remote host is affected by multiple code execution vulnerabilities.
File : smb_nt_ms13-069.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
DateInformations
2014-02-17 11:47:46
  • Multiple Updates
2014-01-23 21:20:30
  • Multiple Updates
2014-01-19 21:30:58
  • Multiple Updates
2014-01-03 17:19:08
  • Multiple Updates
2013-10-11 13:30:51
  • Multiple Updates
2013-09-29 17:20:25
  • Multiple Updates
2013-09-11 21:22:45
  • Multiple Updates
2013-09-10 21:20:50
  • First insertion