This vulnerability allows attackers to remotely execute arbitrary code in a vulnerable system. It exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code. An attacker may host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer, and then form a scheme to get vulnerable users to visit that website.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
MS Bulletin ID
DPI Rule Number
DPI Rule Name
Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability (CVE-2013-1347)
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.