Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer |
Informations | |||
---|---|---|---|
Name | MS13-088 | First vendor Publication | 2013-11-12 |
Vendor | Microsoft | Last vendor Modification | 2013-11-12 |
Severity (Vendor) | Version | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Severity Rating: Critical |
Original Source
Url : https://technet.microsoft.com/en-us/library/security/MS13-088 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
80 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18342 | |||
Oval ID: | oval:org.mitre.oval:def:18342 | ||
Title: | Information disclosure vulnerability in Microsoft Internet Explorer (CVE-2013-3909) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "Internet Explorer Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3909 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18488 | |||
Oval ID: | oval:org.mitre.oval:def:18488 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3916) - MS13-088 | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3912. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3916 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18706 | |||
Oval ID: | oval:org.mitre.oval:def:18706 | ||
Title: | Information disclosure vulnerability in Microsoft Internet Explorer (CVE-2013-3908) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, aka "Internet Explorer Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3908 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18893 | |||
Oval ID: | oval:org.mitre.oval:def:18893 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3914) - MS13-088 | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3914 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18936 | |||
Oval ID: | oval:org.mitre.oval:def:18936 | ||
Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3871) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3871 | Version: | 6 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19109 | |||
Oval ID: | oval:org.mitre.oval:def:19109 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3910) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3910 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19138 | |||
Oval ID: | oval:org.mitre.oval:def:19138 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3917) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3915. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3917 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19182 | |||
Oval ID: | oval:org.mitre.oval:def:19182 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3912) - MS13-088 | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3916. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3912 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19243 | |||
Oval ID: | oval:org.mitre.oval:def:19243 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3915) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3917. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3915 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19265 | |||
Oval ID: | oval:org.mitre.oval:def:19265 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3911) - MS13-088 | ||
Description: | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3911 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-14 | IAVM : 2013-A-0215 - Cumulative Security Update for Microsoft Internet Explorer Severity : Category I - VMSKEY : V0042296 |
2013-10-10 | IAVM : 2013-A-0188 - Cumulative Security Update for Microsoft Internet Explorer Severity : Category I - VMSKEY : V0040759 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-02-18 | Microsoft Internet Explorer CAnchorElement use after free attempt RuleID : 33099 - Revision : 5 - Type : BROWSER-IE |
2014-01-18 | Microsoft Internet Explorer print preview information disclosure attempt RuleID : 28997 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer generic use after free attempt RuleID : 28524 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer generic use after free attempt RuleID : 28523 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer print preview information disclosure attempt RuleID : 28522 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer undo use after free attempt RuleID : 28504 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer createRange user after free attempt RuleID : 28496 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer execCommand CTreePos memory corruption attempt RuleID : 28495 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer execCommand CTreePos memory corruption attempt RuleID : 28494 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer freed CTreePos object use-after-free attempt RuleID : 28492 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CEditAdorner use after free attempt RuleID : 28491 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer deleted object memory corruption attempt RuleID : 28490 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CAnchorElement use after free attempt RuleID : 28489 - Revision : 6 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-11-13 | Name : The remote host is affected by multiple code execution vulnerabilities. File : smb_nt_ms13-088.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-02-18 21:24:45 |
|
2014-05-06 11:35:09 |
|
2014-05-06 11:34:07 |
|
2014-04-18 21:28:38 |
|
2014-04-18 21:20:29 |
|
2014-04-18 17:26:24 |
|
2014-04-18 17:19:48 |
|
2014-04-18 13:29:55 |
|
2014-04-18 13:20:37 |
|
2014-04-18 09:27:10 |
|
2014-04-18 09:19:52 |
|
2014-04-18 05:28:02 |
|
2014-04-18 05:20:56 |
|
2014-04-17 21:26:00 |
|
2014-04-17 21:20:23 |
|
2014-04-17 17:26:38 |
|
2014-04-17 17:19:28 |
|
2014-04-17 13:29:32 |
|
2014-04-17 13:20:27 |
|
2014-04-17 09:08:00 |
|
2014-02-17 11:47:50 |
|
2014-01-19 21:31:00 |
|
2013-12-11 17:24:48 |
|
2013-11-15 21:21:00 |
|
2013-11-13 13:22:04 |
|
2013-11-12 21:17:13 |
|