Microsoft Internet Explorer Multiple Vulnerabilities


Description   Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
For more information:
SA61153
1) A use-after-free error when handling the CSetTimeoutInfo object can be exploited to corrupt memory.
2) An unspecified error can be exploited to bypass XSS filter.
3) A use-after-free error when handling the CTreePos object can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) An unspecified error can be exploited to bypass XSS filter.
6) An unspecified error can be exploited to corrupt memory.
7) An unspecified error can be exploited to bypass ASLR.
8) A use-after-free error when handling CTableSection objects can be exploited to corrupt memory.
9) Another unspecified error can be exploited to corrupt memory.
10) An error within the "RtfToForeign32" function can be exploited to cause a buffer overflow.
11) A use-after-free error when handling HTML elements created via the "execCommand" method can be exploited to corrupt memory.
12) An error within the "LineBoxBuilder::FindWord()" function can be exploited to cause a buffer overflow.
13) A type confusion error within the processing of the event handler of CInputElement elements can be exploited to corrupt memory.
Successful exploitation of vulnerabilities #1, #3, #4, #6, and #8 through #13 allows execution of arbitrary code.
     
Vulnerable Products   Vulnerable Software:
Microsoft Internet Explorer 10.xMicrosoft Internet Explorer 11.xMicrosoft Internet Explorer 6.xMicrosoft Internet Explorer 7.xMicrosoft Internet Explorer 8.xMicrosoft Internet Explorer 9.x
     
Solution   Apply update.-- Internet Explorer 6 --Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=1b3c04e5-5ea2-4c6a-b036-935c54121d9eWindows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=152900bf-9b87-46e9-8421-3bd2b960308eWindows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=91f8bdfc-d9e9-4a84-80e4-c8270dda3a40-- Internet Explorer 7 --Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=c389a136-67fc-4db9-9f29-4702afc96fbcWindows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=b3dccb35-5bb6-41fe-9ef5-af7d302b8c8aWindows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=77efb508-4669-43cd-ac1d-0a5b89592ff2Windows Vista Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=e7bbffc7-e63f-44c9-a0e3-e1ed318ecd29Windows Vista x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=14a609e8-4466-43cc-8c4e-f19fd099355dWindows Server 2008 for 32-bit Systems Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=6bc1a09b-65a4-404a-8d13-97e894f7446dWindows Server 2008 for x64-based Systems Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=0e41180f-bb92-49d6-90c7-2ef8bf045528Windows Server 2008 for Itanium-based Systems Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=8b44d476-aebf-4d79-bf2a-28ee7d7fad30-- Internet Explorer 8 --Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=7c3f35f9-2032-4c0a-8522-62deae444c93Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=b6f7b506-894c-44c3-8c72-1ce59b636b15Windows Vista Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=c978890c-c72d-4daa-9030-9c9310eed71fWindows Vista x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=a6098067-6be9-47c6-a9af-a4dd7fe817d1Windows Server 2008 for 32-bit Systems Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=67403111-726f-477f-9f77-c26b9de1cd73Windows Server 2008 for x64-based Systems Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=02b1fc94-b820-4d90-aa28-b3d86385cba8Windows 7 for 32-bit Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=93456a52-4e87-4770-a39e-4328d1f20e46Windows 7 for x64-based Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=fc171539-a23c-4ce5-8057-fd3a36afa2dbWindows Server 2008 R2 for x64-based Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=117bdbec-8122-46ea-b9ef-c2a08be91013Windows Server 2008 R2 for Itanium-based Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=cb48da23-3577-4b07-ac31-c2bea001be18-- Internet Explorer 9 --Windows Vista Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=e8c02ece-f64f-4d81-8b66-da63ee628358Windows Vista x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=0959caa5-b9aa-4675-8183-83d8fa1960edWindows Server 2008 for 32-bit Systems Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=d0f3bb51-dd55-4878-bf1e-d47e1429d717Windows Server 2008 for x64-based Systems Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=52da8ebc-bbe9-4b13-b4a4-844f6f5b74e1Windows 7 for 32-bit Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=7b0209e1-e4e2-4747-8b56-e972a5c91899Windows 7 for x64-based Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=acd79cef-9fa3-42d8-b94d-0acaf2aea2c9Windows Server 2008 R2 for x64-based Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=45c06d9c-08e1-4e36-affa-65706aa58d48-- Internet Explorer 10 --Windows 7 for 32-bit Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=f1d8e667-163c-4cf3-b9d4-b21a924ef0bfWindows 7 for x64-based Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=ab0bd648-e925-4100-ab0a-cd7dc52587a8Windows Server 2008 R2 for x64-based Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=3f15cdca-10ca-47ce-8e92-dc9ba859fc38Windows 8 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=e5a57355-b30f-4485-bd17-e642147e7403http://www.microsoft.com/downloads/details.aspx?FamilyID=d983e2e2-e8c9-4a1c-a6c4-48812285e752Windows 8 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=eb48d40c-e73c-4369-b48b-8e1754a5d0cbhttp://www.microsoft.com/downloads/details.aspx?FamilyID=d983e2e2-e8c9-4a1c-a6c4-48812285e752Windows Server 2012: http://www.microsoft.com/downloads/details.aspx?FamilyID=f628a5b0-3189-442e-8628-1d9e172a880bhttp://www.microsoft.com/downloads/details.aspx?FamilyID=5502e64b-f1a8-410c-9278-7e1571ce5dae-- Internet Explorer 11 --Windows 7 for 32-bit Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=d92de45c-95ec-43a9-b67a-6ae7a8f01ec8Windows 7 for x64-based Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=25099f9b-73d5-4e9d-9e1b-b5787ec689c8Windows Server 2008 R2 for x64-based Systems Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyID=e70e456f-3a92-4e05-96fe-43a803009132Windows 8.1 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=0ce34ef4-ffe5-4366-88fa-7b94d4a43e68Windows 8.1 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=8a8f96bf-4e9c-4c73-8f3c-d9a294301e04Windows Server 2012 R2: http://www.microsoft.com/downloads/details.aspx?FamilyID=75f24249-02e6-45ed-972d-66cfd81dacceNote: Security updates for Windows RT and Windows RT 8.1 are available via Windows Update only.
     
CVE   CVE-2014-8966
CVE-2014-6376
CVE-2014-6375
CVE-2014-6374
CVE-2014-6373
CVE-2014-6369
CVE-2014-6368
CVE-2014-6366
CVE-2014-6365
CVE-2014-6363
CVE-2014-6330
CVE-2014-6329
CVE-2014-6328
CVE-2014-6327
     
References   Microsoft (KB3008923
KB3029449):
https://technet.microsoft.com/library/security/ms14-080
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-14-404/
http://www.zerodayinitiative.com/advisories/ZDI-14-405/
http://www.zerodayinitiative.com/advisories/ZDI-14-406/
http://www.zerodayinitiative.com/advisories/ZDI-14-407/
http://www.zerodayinitiative.com/advisories/ZDI-14-408/
http://www.zerodayinitiative.com/advisories/ZDI-14-409/
http://www.zerodayinitiative.com/advisories/ZDI-15-050/
Dieyu:
http://seclists.org/fulldisclosure/2015/Jan/47
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
Invalid escaped char in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
Web 2.0 : Detection of visual basic script embedded in web page
5.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2014-8966)
6.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2014-6366)
6.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2014-6373)
6.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2014-6376)
6.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2014-12-09 

 Target Type 
Client 

 Possible exploit 
Remote