Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Wed, 13 Nov 2013 12:03:15 +0100
Type : VULN
Sujet : CERT-Renater : 2013/VULN496 ( Microsoft : Critical Cumulative Security Update for Internet Explorer (2888505))
====================================================================
                           CERT-Renater

               Note d'Information No. 2013/VULN496
_____________________________________________________________________

DATE                : 13/11/2013

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Internet Explorer versions 6, 7,
                              8, 9, 10, 11.

======================================================================
https://technet.microsoft.com/en-us/security/bulletin/ms13-088
______________________________________________________________________

Microsoft Security Bulletin MS13-088 - Critical Cumulative Security
Update for Internet Explorer (2888505)

Published: Tuesday, November 12, 2013

Version: 1.0


General Information


Executive Summary

This security update resolves ten privately reported vulnerabilities in
Internet Explorer. The most severe vulnerabilities could allow remote
code execution if a user views a specially crafted webpage using
Internet Explorer.
An attacker who successfully exploited the most severe of these
vulnerabilities could gain the same user rights as the current user.
Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative
user rights.

This security update is rated Critical for Internet Explorer 6, Internet
Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer
10, and Internet Explorer 11 on affected Windows clients and Important
for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8,
Internet Explorer 9, and Internet Explorer 10 on affected Windows
servers. In addition, for Internet Explorer 11 on affected Windows
servers, this security update is rated Moderate. For more information,
see the subsection, Affected and Non-Affected Software, in this section.


Affected Software

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows Server 2012 Windows RT
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 R2
Windows RT 8.1


Vulnerability Information

Internet Explorer Information Disclosure Vulnerability - CVE-2013-3908

An information disclosure vulnerability exists in the way that Internet
Explorer handles specially crafted web content when generating print
previews.

An attacker who successfully exploited this vulnerability could gather
information from any page that the victim is viewing.


To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2013-3908.


Internet Explorer Information Disclosure Vulnerability - CVE-2013-3909
An information disclosure vulnerability exists in the way that Internet
Explorer processes CSS special characters. An attacker could exploit
the vulnerability by constructing a specially crafted webpage that
could allow information disclosure if a user viewed the webpage. An
attacker who successfully exploited this vulnerability could view
content from another domain or Internet Explorer zone.

To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2013-3909.

Multiple Memory Corruption Vulnerabilities in Internet Explorer

Remote code execution vulnerabilities exist when Internet Explorer
improperly accesses objects in memory. These vulnerabilities could
corrupt memory in such a way that an attacker could execute arbitrary
code in the context of the current user.


Vulnerability title 					CVE number

Internet Explorer Memory Corruption Vulnerability 	CVE-2013-3871

Internet Explorer Memory Corruption Vulnerability 	CVE-2013-3910

Internet Explorer Memory Corruption Vulnerability 	CVE-2013-3911

Internet Explorer Memory Corruption Vulnerability 	CVE-2013-3912

Internet Explorer Memory Corruption Vulnerability 	CVE-2013-3914

Internet Explorer Memory Corruption Vulnerability 	CVE-2013-3915

Internet Explorer Memory Corruption Vulnerability 	CVE-2013-3916

Internet Explorer Memory Corruption Vulnerability 	CVE-2013-3917


=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================

[An attachment of type application/pkcs7-signature was included here]