| Vulnerability Name: | CVE-2013-4015 (CCN-85762) | ||||||||
| Assigned: | 2013-07-09 | ||||||||
| Published: | 2013-07-09 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-4015 Source: CCN Type: Microsoft Security Bulletin MS13-055 Cumulative Security Update for Internet Explorer (2846071) Source: CCN Type: Microsoft Security Bulletin MS13-059 Cumulative Security Update for Internet Explorer (2862772) Source: CCN Type: Microsoft Security Bulletin MS13-069 Cumulative Security Update for Internet Explorer (2870699) Source: CCN Type: Microsoft Security Bulletin MS13-080 Cumulative Security Update for Internet Explorer (2879017) Source: CCN Type: IBM Security Protection Advisory Microsoft Internet Explorer Sandbox Bypass Source: CCN Type: BID-61482 Microsoft Internet Explorer Sandbox Security Bypass Vulnerability Source: MS Type: UNKNOWN MS13-055 Source: XF Type: UNKNOWN msie-cve20134015-sandbox-bypass(85762) Source: XF Type: UNKNOWN msie-cve20134015-sandbox-bypass(85762) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||