Reference: CERT-EU Security Advisory 2013-0047

Title: Microsoft Internet Explorer Security Advisory [1].

Version history:
22.05.2013 Initial publication

Summary
=======

This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2847140 [2], which was quoted in the CERT-EU Security Advisory 2013-0042.

Internet Explorer 6, Internet Explorer 7 and Internet Explorer 10 are not affected by the vulnerability.

CVE [3]: CVE-2013-1347

Affected Versions
=================

Internet Explorer 8
Internet Explorer 9

Original Details
================

This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

What can you do?
================

Download the proper patch for your installation from [1].

What to tell your users
=======================

Normal security best practices apply. In particular, advise your web users to be cautious about links to sites that are provided by unfamiliar or suspicious sources. Users should not click on links in suspicious emails and should immediately forward any suspicious email to the respective IT security officer / contact in your institution.

More information
================

[1] http://technet.microsoft.com/en-us/security/bulletin/ms13-038
[2] http://technet.microsoft.com/en-us/security/advisory/2847140
[3] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347

Best regards,

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html