Microsoft Internet Explorer 10 Denial Of Service Execute Code Overflow Memory corruption Vulnerability
13 Sep. 2016
Summary
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Vulnerable Systems:
* Microsoft Internet Explorer 9
* Microsoft Internet Explorer 10
* Microsoft Internet Explorer 11
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for Internet Explorer 9 (IE 9) and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. For more information, see the Affected Software section.
The update addresses the vulnerabilities by:
* Modifying how Internet Explorer handles objects in memory
* Modifying how the JScript and VBScript scripting engines handle objects in memory
* Correcting how the Microsoft Browser XSS Filter validates JavaScript
* Changing how certain functions in Internet Explorer handle objects in memory
* Correcting how Internet Explorer parses HTML