

Vulnerability protection

Internet Explorer cumulative security update


Report ID: S201110007
Date Published: 12 October 2011

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9




Summary

A cumulative security update for Internet Explorer has been released to address eight reported vulnerabilities, each of which could lead to remote code execution.



Detailed Description

Microsoft has released a cumulative security update for Internet Explorer, which affects IE6 to IE9. The update rolls out fixes for eight reported vulnerabilities which could allow a remote attacker to execute arbitrary code and take control of an affected system.

 

The eight reported vulnerabilities are as follows:

  • Scroll event remote code execution vulnerability (CVE-2011-1993)
    Option element remote code execution vulnerability (CVE-2011-1996)
    OnLoad event remote code execution vulnerability (CVE-2011-1997)
    Body element remote code execution vulnerability (CVE-2011-2000)
    When IE attempts to access a deleted object, it could lead to memory corruption in such a way that the attacker could execute code in the context of the logged-on user.

  • OLEAuto32.dll remote code execution vulnerability (CVE-2011-1995)
    Jscript9.dll remote code execution vulnerability (CVE-2011-1998)
    When IE attempts to access an object that has not been initialized, it could lead to memory corruption in such a way that the attacker could execute code in the context of the logged-on user.

  • Select element remote code execution vulnerability (CVE-2011-1999)
    When IE attempts to access a dereferenced memory address, it could lead to memory corruption in such a way that the attacker could execute code in the context of the logged-on user.

  • Virtual function table corruption remote code execution vulnerability (CVE-2011-2001)
    When IE attempts to access a corrupted virtual function table, it could lead to memory corruption in such a way that the attacker could execute code in the context of the logged-on user.

 

The update addresses the vulnerabilities mentioned above by modifying the way IE handles objects in memory and the way IE allocates and accesses memory. Users are advised to apply the latest update to protect their systems from potential exploitation.



CVE Reference

CVE-2011-1993, CVE-2011-1995, CVE-2011-1996, CVE-2011-1997, CVE-2011-1998, CVE-2011-1999, CVE-2011-2000, CVE-2011-2001



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms11-081



