MS KB2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)
High Nessus Plugin ID 63372
SynopsisThe remote host has a web browser installed that is affected by a remote code execution vulnerability.
DescriptionThe remote host is missing the workaround referenced in KB 2794220 (Microsoft 'Fix it' 50971). This workaround mitigates a use-after-free vulnerability in Internet Explorer. Without this workaround enabled, an attacker could exploit this vulnerability by tricking a user into viewing a maliciously crafted web page, resulting in arbitrary code execution. This vulnerability is being actively exploited in the wild.
Note that the Microsoft 'Fix it' solution is effective only if the latest available version of 'mshtml.dll' is installed.
This plugin has been deprecated due to the publication of MS13-008. Microsoft has released updates that make the workarounds unnecessary. To check for those, use Nessus plugin ID 63522.
SolutionApply Microsoft 'Fix it' 50971.