CVE-2016-3267 Microsoft Cumulative Security Update for Internet Explorer (MS16-118)

2016年10月12日 2368点热度 0人点赞 0条评论

漏洞类别：Internet Explorer

漏洞等级：

漏洞信息

This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

The update addresses the vulnerabilities by correcting how Internet Explorer handles:
objects in memory
namespace boundaries

漏洞危害

The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

解决方案

Customers are advised to refer to Microsoft Advisory MS16-118 for more details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS16-118: Windows Vista Service Pack 2 (Internet Explorer 9)

MS16-118: Windows Vista x64 Edition Service Pack 2 (Internet Explorer 9)

MS16-118: Windows Server 2008 for 32-bit Systems Service Pack 2 (Internet Explorer 9)

MS16-118: Windows Server 2008 for x64-based Systems Service Pack 2 (Internet Explorer 9)

MS16-118: Windows Server 2012 Security Only (Internet Explorer 10)

MS16-118: Windows Server 2012 Monthly Roll-Up (Internet Explorer 10)

MS16-118: Windows 7 for 32-bit Systems Service Pack 1Security Only (Internet Explorer 11)

MS16-118: Windows 7 for 32-bit Systems Service Pack 1Monthly Roll Up (Internet Explorer 11)

MS16-118: Windows 7 for x64-based Systems Service Pack 1Security Only (Internet Explorer 11)