Microsoft Internet Explorer Remote Code Execution Vulnerability

High Log Correlation Engine Plugin ID 801618

Synopsis

The remote host is affected by a remote code execution vulnerability.

Description

The remote Internet Explorer install is affected by an unspecified
use-after-free vulnerability related to the VML and Flash components.
By exploiting this flaw, a remote, unauthenticated attacker could
execute arbitrary code on the remote host subject to the privileges of
the user running the affected application. Internet Explorer
versions 6 through 11 are vulnerable.

Solution

Apply the IE settings and workarounds suggested by Microsoft in
security advisory 2963983. (https://technet.microsoft.com/en-US/library/security/2963983)

See Also

httphttps://technet.microsoft.com/en-US/library/security/2963983

http://www.nessus.org/u?671b0a2a

Plugin Details

Severity: High

ID: 801618

File Name: 801618.prm

Family: Web Clients

Nessus ID: 73739

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:U/RC:C

Reference Information

CVE: CVE-2014-1776

BID: 67075