Microsoft update today one of security bulletins released on Tuesday. Ms13 does-080, a cumulative update for Internet Explorer, formerly listed 10 vulnerabilities and now only nine lists.
The vulnerability is CVE-2013-3871 and was described in the original newsletter as a memory corruption vulnerability, with this making vague:
Remote code execution vulnerability exists when Internet Explorer is improperly accessing an object in memory. These vulnerabilities could corrupt memory in a way that an attacker could execute arbitrary code in the context of the current user.
The other none vulnerabilities are also memory corruption vulnerabilities.
A notice sent to a mailing list of Microsoft said that including the vulnerability in the bulletin was a mistake, and that, in fact, it was not included in the ms13 does-080 upgrade code. "CVE-2013-3871 is scheduled to be addressed in a future security update".
The original version (thanks Wayback Machine) also gives credit to Simon Zuckerbraun, working with Zero Day Initiative of HP, for reporting the vulnerability of Microsoft.
Larry Seltzer has been a recognized expert in technology, with emphasis on mobile technology and security in recent years
Aucun commentaire:
Enregistrer un commentaire