| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| Microsoft Security Advisory 2847140 | Vulnerability in Internet Explorer Could Allow Remote Code Execution | Windows XP | Critical | 08-05-2013 |
Technical Information
Brief overview of the risk:
This is a remote code execution vulnerability which affects Internet Explorer version 8.
Detailed Information on the risk:
Triggering the vulnerability may cause memory corruption within the Internet Explorer 8 process in a way that could allow remote execution of arbitrary code in the context of the current user within Internet Explorer. The vulnerability exists in the way that Internet Explorer accesses deleted objects (use-after-free) or an object that has not been properly allocated. Attempts to exploit this vulnerability will be blocked as Trojan ( 0040f4251 ). This detection is based on advice and PoCs provided by the Microsoft Active Protections Program. We are currently monitoring our telemetry data for any hits of this threat in the wild.
Further information on this exploit is available at : Microsoft Security Advisory 2847140
Affected Software
Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1