copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2014.2332 - [Win] Microsoft Internet Explorer: Multiple vulnerabilities

Date: 09 December 2014

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.2332
        Cumulative Security Update for Internet Explorer (3008923)
                              9 December 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Internet Explorer
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Reduced Security                -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-8966 CVE-2014-6376 CVE-2014-6375
                   CVE-2014-6374 CVE-2014-6373 CVE-2014-6369
                   CVE-2014-6368 CVE-2014-6366 CVE-2014-6365
                   CVE-2014-6330 CVE-2014-6329 CVE-2014-6328
                   CVE-2014-6327  

Original Bulletin: 
   https://technet.microsoft.com/library/security/ms14-080

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS14-080 - Critical
Cumulative Security Update for Internet Explorer (3008923)

Published: December 9, 2014

Version: 1.0

Executive Summary

This security update resolves fourteen privately reported vulnerabilities in 
Internet Explorer. The most severe of these vulnerabilities could allow remote
code execution if a user views a specially crafted webpage using Internet 
Explorer. An attacker who successfully exploited these vulnerabilities could 
gain the same user rights as the current user. Customers whose accounts are 
configured to have fewer user rights on the system could be less impacted than
those who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6 (IE 6), 
Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 
(IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on 
affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), 
Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 
(IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on 
affected Windows servers.

Affected Software

Internet Explorer 6 
Internet Explorer 7 
Internet Explorer 8 
Internet Explorer 9 
Internet Explorer 10 
Internet Explorer 11 

Vulnerability Information

Multiple Memory Corruption Vulnerabilities in Internet Explorer

Remote code execution vulnerabilities exist when Internet Explorer improperly 
accesses objects in memory. These vulnerabilities could corrupt memory in such 
a way that an attacker could execute arbitrary code in the context of the 
current user. The update addresses the vulnerabilities by modifying the way 
that Internet Explorer handles objects in memory.

Vulnerability title		CVE number	Publicly 	Exploited
						Disclosed

Internet Explorer Memory 	CVE-2014-6327	No		No
Corruption Vulnerability

Internet Explorer Memory	CVE-2014-6329	No		No
Corruption Vulnerability

Internet Explorer Memory	CVE-2014-6330	No		No
Corruption Vulnerability	

Internet Explorer Memory	CVE-2014-6366	No		No
Corruption Vulnerability

Internet Explorer Memory	CVE-2014-6369	No		No
Corruption Vulnerability

Internet Explorer Memory 	CVE-2014-6373	No		No
Corruption Vulnerability

Internet Explorer Memory 	CVE-2014-6374	No		No
Corruption Vulnerability

Internet Explorer Memory 	CVE-2014-6375	No		No
Corruption Vulnerability

Internet Explorer Memory 	CVE-2014-6376	No		No
Corruption Vulnerability

Internet Explorer Memory 	CVE-2014-8966	No		No
Corruption Vulnerability

Multiple XSS Filter Bypass Vulnerabilities in Internet Explorer

XSS filter bypass vulnerabilities exist in the way that Internet Explorer 
disables an HTML attribute in otherwise appropriately filtered HTTP response 
data. The vulnerabilities could allow initially disabled scripts to run in the
wrong security context, leading to information disclosure.

Vulnerability title		CVE number	Publicly 	Exploited
						Disclosed

Internet Explorer XSS Filter 	CVE-2014-6328	No		No
Bypass Vulnerability

Internet Explorer XSS Filter 	CVE-2014-6365	No		No
Bypass Vulnerability

Internet Explorer ASLR Bypass Vulnerability - CVE-2014-6368

A security feature bypass vulnerability exists when Internet Explorer does not 
use the Address Space Layout Randomization (ASLR) security feature, allowing an
attacker to more reliably predict the memory offsets of specific instructions
in a given call stack. This vulnerability could allow an attacker to bypass the
Address Space Layout Randomization (ASLR) security feature, which helps protect
users from a broad class of vulnerabilities. The security feature bypass by 
itself does not allow arbitrary code execution. However, an attacker could use 
this ASLR bypass vulnerability in conjunction with another vulnerability, such
as a remote code execution vulnerability, that could take advantage of the ASLR
bypass to run arbitrary code. For example, a remote code execution 
vulnerability that is blocked by ASLR, could be exploited after a successful 
ASLR bypass.

Vulnerability title	CVE number	Publicly Disclosed	Exploited

Internet Explorer ASLR 	CVE-2014-6368	No			No
Bypass Vulnerability

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVId5JxLndAQH1ShLAQJcCw/+Ir8/0AzQL2DmXYVhDkuL0EfcG7XiBVdj
lxOvtUZXb/MKxTfthP9Y7CzM/Km0T+p9gsExDQLwawuIf2lUq0EWbNTbmOg8wIMp
eCF4RhKRkUbTRuqTDxk84ydK87tcRYUPWiDwUvr/OUUdcf+6GQXevw8obxLgmv/E
FAzHprKObjUbR4ZxPFjrCywtd+5nJs5SgC2F3+Iouv5g2I9OCeRGFXC4VvUSp9MX
JY/0gbvSo6NUbIkcp4S9G7BvW8uTmP8y8tt9VGQGiUn/eSQqlbvlgqDQV4Jnrnhq
ep0XV/KtFFuULBni6sxRjxVW9VReM0bktd1XmAIyBZuXeP/8CZ30NSgDsnQo071c
9Q2YeQYiPCRLnz2p30l16uY/0w/VdT7P+YSpWhmYzA9Xx7VW7zlRkaGRddbC7qQz
mU3w6EPguNTFiZrePdfOPxPMcQgsIPhd/jLXA02hyGg7ez2e++wvrHEFfjqfXUWV
x+RV2eCJgNjCuHz6NTcs90XpkzzmJemtuXKjSsJ5wl0jVQk3NdNYPFpgqoVs0TXl
gd9+v7iDOPPdsWtctsdjI5F229ArKUMQ9JYcsOp/p2oJLwlUJVXWBaY+BzK0bvMY
PT9VNTKGuQFKsjj2wfPth3soCSA2XCZ9csNTjh7NG7eodW68Fb7OVgdZ1Ns4jVsm
mxYFKaVT38o=
=BSgy
-----END PGP SIGNATURE-----