navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: SA53193 and SA56974 Relationship and IE11

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Internet Explorer 11.x

This thread has been marked as locked.
gregorio2 SA53193 and SA56974 Relationship and IE11
Member 21st Feb, 2014 04:43
Ranking: 2
Posts: 14
User Since: 20th Jan, 2009
System Score: N/A
Location: US
Last edited on 21st Feb, 2014 21:27

Trying to get clear understanding of vulnerbility and exploit and how risky is it to use IE11.

SA53193 updated on 2014-02-19 two days after SA56974 posted.
SA53193 referenced:
US-CERT:
http://www.kb.cert.org/vuls/id/539289
SA53193 posted originally 2013-05-06 last year and I cannot see if it originally reported IE11 as
effected but I do not think it did.
VU#539289 Original Release date: 17 Feb 2014 three days after VU#732479.
VU#539289 does not reference a CVE.

VU#539289 points to active zero-day exploit:
"This vulnerability is actively being used by exploit code in the wild."
http://www.fireeye.com/blog/uncategorized/2014/02/...
"On February 11, FireEye identified a zero-day exploit (CVE-2014-0322) being served up from the U.S. Veterans of Foreign Wars’ website (vfw[.]org)."

SA56974 references:
US-CERT (Original Release date: 14 Feb 2014):
http://www.kb.cert.org/vuls/id/732479

VU#732479 also points to the same zero-day at FireEye and
references CVE-2014-0322.

The way I am reading this is SA53193 / VU#539289 are describing the vulnerbility and
SA56974 / VU#732479 are describing a specific exploit using that same vulnerbility.
Edit: True, but used more than just that vulnerability.

Please correct me if this wrong and clear the correlation between VU#732479 and VU#539289
/ SA56974 and SA53193.

Edit: I think I further understand and am answering my own question. SA56974 used the vulnerability cited by SA53193 and more*, so SA56974 effects only IE9 &10 critically and SA53193 effects IE6 - 11
but not critically.
The more* quoted from US-CERT: "Microsoft Internet Explorer contains a use-after-free vulnerability in the MSHTML CMarkup component, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system."
End Edit.

Also VU#732479 references VU#539289, but VU#732479 states IE11 mitigates exploit and
VU#539289 states IE11 vulnerable. I do not understand that and find nothing in any the
references cited by VU#539289 and VU#732479 showing IE11 is vulnerable other than
the statement at top of VU#539289:
"We have confirmed that this issue affects Internet Explorer versions 6 through 11 running on Microsoft Windows through version 8.1."
If IE11 mitigated exploit that used vulnerability how is IE11 considered vulnerable now when before and after exploit it was not? Or is US-CERT now saying the vulnerability does make IE11 open to future exploits just not this one?
Or did US-CERT make mistake in saying it is?
Edit: No mistake, vulnerability can be used in IE11 but attack only targeted IE9 and IE10 using additional vulnerabilities.

Please correct me is I missed something in the references. Edit : Yes and answered above.
Also the other common reference is the one pointing out the vulnerbility back April 25, 2013:
http://soroush.secproject.com/blog/2013/04/microso...

Edit: If someone would please state what I have meandering about here in clearer fashion,
thanks in advance.
But as stated in SA53193 and US-CERT VU#539289, IE11 has vulnerability that has no mitigation.
Maybe now Microsoft will get about fixing this after 10 months lag from original report of 25 Apr 2013.

No one has replied to this thread yet - be the first
This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+