Executive Summary

Summary
Title Cumulative Security Update for Internet Explorer (2497640)
Informations
Name MS11-018 First vendor Publication 2011-04-12
Vendor Microsoft Last vendor Modification 2011-05-16
Severity (Vendor) Critical Revision 2.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V2.0 (May 16, 2011): Bulletin rereleased to reoffer the update for Internet Explorer 7 on supported editions of Windows XP and Windows Server 2003. This is a detection change only. There were no changes to the binaries. Only affected customers will be offered the update. Customers who have installed the update manually and customers running configurations not targeted by the change to detection logic do not need to take any action.Summary: This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS11-018.mspx

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-399 Resource Management Errors
33 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11838
 
Oval ID: oval:org.mitre.oval:def:11838
Title: DEPRECATED: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385
Description: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0346
 Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11882
 
Oval ID: oval:org.mitre.oval:def:11882
Title: MSHTML Memory Corruption Vulnerability
Description: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0346
 Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11926
 
Oval ID: oval:org.mitre.oval:def:11926
Title: Frame Tag Information Disclosure Vulnerability
Description: Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1244
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12228
 
Oval ID: oval:org.mitre.oval:def:12228
Title: Object Management Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1345
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12385
 
Oval ID: oval:org.mitre.oval:def:12385
Title: Javascript Information Disclosure Vulnerability
Description: Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1245
 Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12463
 
Oval ID: oval:org.mitre.oval:def:12463
Title: Layouts Handling Memory Corruption Vulnerability
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0094
 Version: 8
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

OpenVAS Exploits

Date Description
2011-04-13 Name : Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
File : nvt/secpod_ms11-018.nasl
2011-02-01 Name : Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulner...
File : nvt/gb_ms_ie_releaseinterface_code_execution_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
71777 Microsoft IE Frame Tag Handling Information Disclosure

Microsoft IE contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the program fails to properly enforce content access domain restrictions, which will disclose sensitive information to a context-dependent attacker via a crafted web page. This vulnerability has also been reported to allow clickjacking attacks.
71726 Microsoft IE JavaScript Unspecified Cross-domain Information Disclosure

Microsoft IE contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the program fails to restrict scripts from accessing cross-domain or zone content, which will disclose sensitive information to a context-dependent attacker using a crafted web page.
71725 Microsoft IE Object Management onPropertyManagement Processing Memory Corruption

A memory corruption flaw exists in Microsoft IE. The program fails to sanitize user-supplied input during onPropertyChange function calls, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code.
71724 Microsoft IE Layouts Handling Memory Corruption

A memory corruption flaw exists in Microsoft IE. The program fails to sanitize user-supplied input when handling objects in memory which were not previously initialized or have been deleted, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code.
70391 Microsoft IE MSHTML.DLL ReleaseInterface Function Use-after-free Arbitrary Co...

Microsoft IE contains a user-after-free vulnerability related to the ReleaseInterface function in MSHTML.DLL. This may allow a context-dependent attacker to use a crafted web page to execute arbitrary code via vectors related to DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions.

Snort® IPS/IDS

Date Description
2016-04-05 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 37881 - Revision : 2 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer object management memory corruption attempt
RuleID : 28259 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer object management memory corruption attempt
RuleID : 28258 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24872 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24871 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24870 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24869 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer object management memory corruption attempt
RuleID : 18671 - Revision : 17 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer object management memory corruption attempt
RuleID : 18670 - Revision : 17 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer cross-domain object manipulation attempt
RuleID : 18669 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 6/7 CSS swapNode memory corruption attempt
RuleID : 18646 - Revision : 6 - Type : SPECIFIC-THREATS
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 16377 - Revision : 18 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2011-04-13 Name : Arbitrary code can be executed on the remote host through a web browser.
File : smb_nt_ms11-018.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-03-20 21:21:08
  • Multiple Updates
2014-02-17 11:46:54
  • Multiple Updates
2014-01-19 21:30:38
  • Multiple Updates