MS KB2847140: Vulnerability in Internet Explorer 8 Could Allow Remote Code Execution (deprecated)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a remote code execution vulnerability.

Description :

The remote host is missing one of the workarounds referenced in KB
2847140.

The remote version of IE reportedly has a use-after-free flaw related to
how CGenericElement objects are handled that could result in arbitrary
code execution on the remote system.

This plugin has been deprecated due to the publication of MS13-038.
Microsoft has released updates that make the workarounds unnecessary.
To check for those, use Nessus plugin ID 66413.

See also :

http://technet.microsoft.com/en-us/security/advisory/2847140

Solution :

Apply the IE settings workarounds suggested by Microsoft in the
advisory, or apply the MSHTML Shim workaround in the Microsoft
'Fix it' solution.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:F/RL:W/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 66329 ()

Bugtraq ID: 59641

CVE ID: CVE-2013-1347

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now