CVE-2013-4015
First published: Fri Jul 26 2013(Updated: )
Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =6 | |
| Internet Explorer | =7 | |
| Internet Explorer | =8 | |
| Internet Explorer | =9 | |
| Internet Explorer | =10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-4015?
CVE-2013-4015 has a severity rating that indicates a significant potential for privilege escalation due to a bypass in the elevation policy check.
How do I fix CVE-2013-4015?
To fix CVE-2013-4015, users should apply the latest security updates provided by Microsoft for Internet Explorer.
What versions of Internet Explorer are affected by CVE-2013-4015?
CVE-2013-4015 affects Internet Explorer versions 6 through 10.
What is the exploit mechanism of CVE-2013-4015?
The exploit mechanism of CVE-2013-4015 involves bypassing the elevation policy checks in Protected Mode and Enhanced Protected Mode.
Can local users exploit CVE-2013-4015 to gain privileges?
Yes, local users can exploit CVE-2013-4015 to bypass security mechanisms and gain elevated privileges.
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/6
- version/internet explorer/7
- version/internet explorer/8
- version/internet explorer/9
- version/internet explorer/10