CERTA-2013-ALE-003
Vulnerability from certfr_alerte
Une vulnérabilité a été découverte dans Microsoft Internet Explorer 8. Elle permet une exécution de code arbitraire à distance au moyen d'une page Web spécialement conçue.
Les versions 6, 7, 9 et 10 de Microsoft Internet Explorer ne sont pas affectées par cette vulnérabilité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Internet Explorer 8.",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2013-05-15",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-1347",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1347"
}
],
"initial_release_date": "2013-05-06T00:00:00",
"last_revision_date": "2013-05-15T00:00:00",
"links": [
{
"title": "Bulletin d\u0027actualit\u00e9 CERTA-2012-ACT-038",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2012-ACT-038/"
},
{
"title": "Avis de s\u00e9curit\u00e9 CERTA-2013-AVI-300",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2013-AVI-300/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS13-038 du 14 mai 2013",
"url": "https://technet.microsoft.com/en-us/security/bulletin/MS13-038"
},
{
"title": "Correctif provisoire Microsoft 2847140 du 08 mai 2013 :",
"url": "http://support.microsoft.com/kb/2847140"
},
{
"title": "Outil de r\u00e9duction des risques li\u00e9s aux exploitations EMET :",
"url": "http://www.microsoft.com/en-us/download/details.aspx?id=29851"
}
],
"reference": "CERTA-2013-ALE-003",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2013-05-06T00:00:00.000000"
},
{
"description": "ajout du correctif publi\u00e9 par Microsoft dans les mesures de contournement provisoire, ajout du lien dans les documentations ;",
"revision_date": "2013-05-10T00:00:00.000000"
},
{
"description": "fermeture de l\u0027alerte, suite \u00e0 la diffusion du correctif par l\u0027\u00e9diteur.",
"revision_date": "2013-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMicrosoft\nInternet Explorer 8\u003c/span\u003e. Elle permet une ex\u00e9cution de code arbitraire\n\u00e0 distance au moyen d\u0027une page Web sp\u00e9cialement con\u00e7ue.\n\nLes versions 6, 7, 9 et 10 de \u003cspan class=\"textit\"\u003eMicrosoft Internet\nExplorer\u003c/span\u003e ne sont pas affect\u00e9es par cette vuln\u00e9rabilit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer 8",
"vendor_advisories": [
{
"published_at": "2013-05-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Security Advisory (2847140)",
"url": "http://technet.microsoft.com/en-us/security/advisory/2847140"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…