ID: IRCNE2013101980
Date: 2013-10-14
According to “ZDNet”, Microsoft on Thursday updated one of the security bulletins they released on Tuesday. MS13-080, a cumulative update for Internet Explorer, previously listed 10 vulnerabilities, and now lists only nine.
The vulnerability is CVE-2013-3871, and was described in the original bulletin as a memory corruption vulnerability, with this vague elaboration:
Remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
The other none vulnerabilities are also memory corruption vulnerabilities.
A notice sent on a mailing list from Microsoft said that including the vulnerability in the bulletin was an error, and that it was not, in fact, included in the MS13-080 update code. "CVE-2013-3871 is scheduled to be addressed in a future security update. "
Related Posts:
Microsoft patches 28 vulnerabilities, including zero-day
- 2