Microsoft Internet Explorer VML Memory Corruption

by Carol~ Moderator - 2/12/13 4:26 PM

In Reply to: VULNERABILITIES / FIXES - February 12, 2013 by Carol~ Moderator

Microsoft Internet Explorer VML Memory Corruption Vulnerability

Release Date : 2013-02-12

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software:
Microsoft Internet Explorer 10.x
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x

Description:
A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error when handling certain VML data and can be exploited to corrupt memory.

Successful exploitation allows execution of arbitrary code.

Solution:
Apply updates.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS13-010 (KB2797052):
http://technet.microsoft.com/en-us/security/bulletin/ms13-010

http://secunia.com/advisories/52129/