Vulnerability

CERT-In Vulnerability Note CIVN-2013-0212
Multiple Vulnerabilities in Microsoft Internet Explorer

Original Issue Date:December 11, 2013

Severity Rating: HIGH

Systems Affected

Windows XP SP3 and Professional x64 Edition SP2
Windows Server 2003 SP2 and x64 Edition SP2 and SP2 for Itanium-based Systems
Windows Vista SP2 and x64 Edition SP2
Windows Server 2008 for 32-bit Systems SP2, x64-based Systems SP2 and Itanium-based Systems SP2
Windows 7 for 32-bit Systems SP1 and x64-based Systems SP1
Windows Server 2008 R2 for x64-based Systems SP1, Itanium-based Systems and Itanium-based Systems SP 1
Windows 8 for 32-bit Systems and x64-bit Systems
Windows 8.1 for 32-bit Systems and x64-bit Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1

Component Affected

Internet Explorer 6, 7, 8, 9, 10 and 11

Overview

Multiple vulnerabilities have been reported in Microsoft Internet Explorer which could allow a remote attacker to execute arbitrary code or gain elevated privileges on the targeted system.

Description

1. Privilege Elevation Vulnerabilities ( CVE-2013-5045 CVE-2013-5046 )

Two privilege Elevation vulnerabilities exist in Microsoft Internet Explorer due to improper validation of permissions in the Enhanced Protected Mode feature.

An enhanced protected mode feature is an added security feature which prevents attackers from installing software or modifying system settings. A remote attacker could exploit these vulnerabilities by convincing a user to follow a crafted link that allows submission of malicious input to the affected software resulting in bypassing of the Enhanced Protected Mode feature.

Successful exploitation could allow an attacker to gain elevated privileges and conduct further attacks.

2. Memory Corruption Vulnerabilities ( CVE-2013-5047 CVE-2013-5048 CVE-2013-5049 CVE-2013-5051 CVE-2013-5052 )

Multiple remote code execution vulnerabilities exist in Microsoft Internet Explorer due to improper handling of objects in the memory. An unauthenticated remote attacker could exploit these vulnerabilities by enticing the targeted user to visit a malicious website through Internet Explorer.

Successful exploitation of these vulnerabilities could result in execution of arbitrary code in context of the logged-in user.

Workaround

Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
Deploy EMET and configure for using with IE

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS13-097

Vendor Information

Microsoft
http://technet.microsoft.com/en-us/security/bulletin/ms13-097

References

Microsoft
http://technet.microsoft.com/en-us/security/bulletin/ms13-097
https://support.microsoft.com/kb/2898785

Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=31977
http://tools.cisco.com/security/center/viewAlert.x?alertId=31978
http://tools.cisco.com/security/center/viewAlert.x?alertId=31979
http://tools.cisco.com/security/center/viewAlert.x?alertId=31980
http://tools.cisco.com/security/center/viewAlert.x?alertId=31981
http://tools.cisco.com/security/center/viewAlert.x?alertId=31983
http://tools.cisco.com/security/center/viewAlert.x?alertId=31984

Secunia
http://secunia.com/advisories/55967/

Symantec
http://www.symantec.com/connect/blogs/microsoft-patch-tuesday-december-2013

CVE Name
CVE-2013-5045
CVE-2013-5046
CVE-2013-5047
CVE-2013-5048
CVE-2013-5049
CVE-2013-5051
CVE-2013-5052

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India