Forum Thread: SA53193 and SA56974 Relationship and IE11

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

Relating to this vendor:
And, this specific program:
Microsoft Internet Explorer 11.x

This thread has been marked as locked.
gregorio2 SA53193 and SA56974 Relationship and IE11
Member 21st Feb, 2014 04:43
Ranking: 2
Posts: 14
User Since: 20th Jan, 2009
System Score: N/A
Location: US
Last edited on 21st Feb, 2014 21:27

Trying to get clear understanding of vulnerbility and exploit and how risky is it to use IE11.

SA53193 updated on 2014-02-19 two days after SA56974 posted.
SA53193 referenced:
SA53193 posted originally 2013-05-06 last year and I cannot see if it originally reported IE11 as
effected but I do not think it did.
VU#539289 Original Release date: 17 Feb 2014 three days after VU#732479.
VU#539289 does not reference a CVE.

VU#539289 points to active zero-day exploit:
"This vulnerability is actively being used by exploit code in the wild."
"On February 11, FireEye identified a zero-day exploit (CVE-2014-0322) being served up from the U.S. Veterans of Foreign Wars’ website (vfw[.]org)."

SA56974 references:
US-CERT (Original Release date: 14 Feb 2014):

VU#732479 also points to the same zero-day at FireEye and
references CVE-2014-0322.

The way I am reading this is SA53193 / VU#539289 are describing the vulnerbility and
SA56974 / VU#732479 are describing a specific exploit using that same vulnerbility.
Edit: True, but used more than just that vulnerability.

Please correct me if this wrong and clear the correlation between VU#732479 and VU#539289
/ SA56974 and SA53193.

Edit: I think I further understand and am answering my own question. SA56974 used the vulnerability cited by SA53193 and more*, so SA56974 effects only IE9 &10 critically and SA53193 effects IE6 - 11
but not critically.
The more* quoted from US-CERT: "Microsoft Internet Explorer contains a use-after-free vulnerability in the MSHTML CMarkup component, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system."
End Edit.

Also VU#732479 references VU#539289, but VU#732479 states IE11 mitigates exploit and
VU#539289 states IE11 vulnerable. I do not understand that and find nothing in any the
references cited by VU#539289 and VU#732479 showing IE11 is vulnerable other than
the statement at top of VU#539289:
"We have confirmed that this issue affects Internet Explorer versions 6 through 11 running on Microsoft Windows through version 8.1."
If IE11 mitigated exploit that used vulnerability how is IE11 considered vulnerable now when before and after exploit it was not? Or is US-CERT now saying the vulnerability does make IE11 open to future exploits just not this one?
Or did US-CERT make mistake in saying it is?
Edit: No mistake, vulnerability can be used in IE11 but attack only targeted IE9 and IE10 using additional vulnerabilities.

Please correct me is I missed something in the references. Edit : Yes and answered above.
Also the other common reference is the one pointing out the vulnerbility back April 25, 2013:

Edit: If someone would please state what I have meandering about here in clearer fashion,
thanks in advance.
But as stated in SA53193 and US-CERT VU#539289, IE11 has vulnerability that has no mitigation.
Maybe now Microsoft will get about fixing this after 10 months lag from original report of 25 Apr 2013.

No one has replied to this thread yet - be the first
This thread has been marked as locked.