[Japanese]
|
JVNDB-2013-000093
|
Internet Explorer vulnerable to arbitrary code execution
|
Internet Explorer contains a vulnerability that may allow arbitrary code execution.
According to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited.
|
CVSS V2 Severity: Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
Microsoft Corporation
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 7
- Microsoft Internet Explorer 8
- Microsoft Internet Explorer 9
- Microsoft Internet Explorer 10
- Microsoft Internet Explorer 11
|
|
If a user views a specially crafted web page, an arbitrary code may be executed.
|
[Apply an update]
Apply Cumulative Security Update for Internet Explorer (2879017) according to the information provided by Microsoft.
(http://technet.microsoft.com/en-us/security/bulletin/ms13-080)
[Apply a workaround]
The following workarounds may mitigate the affects of this vulnerability.
* Apply Fix it 51001
(https://support.microsoft.com/kb/2887505)
* Apply Enhanced Mitigation Experience Toolkit (EMET)
(https://support.microsoft.com/kb/2458544/en)
* Restrict the execution of ActiveX control and Active Script
For more information, please see "Suggested Actions" of Microsoft Security Advisory (2887505).
(http://technet.microsoft.com/en-us/security/advisory/2887505#section6)
|
Microsoft Corporation
|
- Resource Management Errors(CWE-399) [NVD Evaluation]
|
- CVE-2013-3893
|
- JVN : JVN#27443259
- National Vulnerability Database (NVD) : CVE-2013-3893
- IPA SECURITY ALERTS : Security Alert for Internet Explorer (CVE-2013-3893) (in Japanese)
- JPCERT REPORT : Vulnerability in Microsoft Internet Explorer in September 2013 (in Japanese)
|
- [2013/09/19]
Web page was published
[2013/09/26]
Vendor Information : Contents were added
[2013/10/10]
Solution was modified
Vendor Information : Contents were added
|