BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Internet Explorer 9/10 Recycler::ProcessMark Information Disclosure

Disclosed: July 29, 2013

Zeroday: 452 days

Vulnerability Description:

Internet Explorer 9 and 10 contain an information disclosure vulnerability that may allow a remote attacker to gain access to sensitive information, such as memory addresses and memory contents. The vulnerability is caused by the mark and sweep algorithm within the JavaScript component in Internet Explorer, which fails to mark some objects, allowing them to persist in memory.

Vendors:

Microsoft

Vulnerable Software/Devices:

Internet Explorer 9 and 10

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Information Disclosure
Attackers may use this vulnerability to reveal memory addresses and other useful information that supplements an exploit targeting another vulnerability. Because it discloses sensitive memory information, an attacker may use it to bypass defensive measures, such as ASLR.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 31257 - Microsoft Internet Explorer Information Disclosure (Zero-Day)

Mitigation:

Avoid using Internet Explorer 9 and 10 when possible. 

Links:

CVE(s):

None