ID CVE-2015-6176 Type cve Reporter NVD Modified 2017-09-12T21:29:04
Description
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."
{"symantec": [{"lastseen": "2018-03-13T12:08:06", "references": [], "description": "### Description\n\nMicrosoft Edge is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script code in the context of the user running the application. This may allow the attacker to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks. Other attacks are possible.\n\n### Technologies Affected\n\n * Microsoft Edge \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nRun all non-administrative software as a non-administrative user with the least amount of privileges required to successfully operate. This will greatly reduce the potential damage that successful exploitation may achieve.\n\n**Do not follow links provided by unknown or untrusted sources.** \nNever follow links provided by unknown or untrusted sources.\n\n**Set web browser security to disable the execution of script code or active content.** \nSince the exploitation of some of these issues allows the execution of malicious script code in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect websites that rely on the execution of browser-based script code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "reporter": "Symantec Security Response", "published": "2015-12-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "symantec", "title": "Microsoft Edge XSS Filter CVE-2015-6176 Security Bypass Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft Windows", "version": "10 for x64-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "10 for 32-bit Systems ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "10 version 1511 for x64-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "10 version 1511 for 32-bit Systems ", "operator": "eq"}], "cvelist": ["CVE-2015-6176"], "modified": "2015-12-08T00:00:00", "id": "SMNTC-78518", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/78518", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-02T00:09:15", "references": ["https://technet.microsoft.com/library/security/MS15-125"], "pluginID": "87254", "description": "The version of Microsoft Edge installed on the remote host is missing Cumulative Security Update 3116184. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "edition": 7, "reporter": "Tenable", "published": "2015-12-08T00:00:00", "title": "MS15-125: Cumulative Security Update for Microsoft Edge (3116184)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6139", "CVE-2015-6154", "CVE-2015-6168", "CVE-2015-6148", "CVE-2015-6155", "CVE-2015-6142", "CVE-2015-6161", "CVE-2015-6158", "CVE-2015-6140", "CVE-2015-6151", "CVE-2015-6169", "CVE-2015-6159", "CVE-2015-6176", "CVE-2015-6170", "CVE-2015-6153"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS15-125.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87254);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/30 15:31:33\");\n\n script_cve_id(\n \"CVE-2015-6139\",\n \"CVE-2015-6140\",\n \"CVE-2015-6142\",\n \"CVE-2015-6148\",\n \"CVE-2015-6151\",\n \"CVE-2015-6153\",\n \"CVE-2015-6154\",\n \"CVE-2015-6155\",\n \"CVE-2015-6158\",\n \"CVE-2015-6159\",\n \"CVE-2015-6161\",\n \"CVE-2015-6168\",\n \"CVE-2015-6169\",\n \"CVE-2015-6170\",\n \"CVE-2015-6176\"\n );\n script_bugtraq_id(\n 78501,\n 78511,\n 78517,\n 78518,\n 78527,\n 78528,\n 78529,\n 78530,\n 78531,\n 78532,\n 78533,\n 78534,\n 78535,\n 78536,\n 78537\n );\n script_xref(name:\"MSFT\", value:\"MS15-125\");\n script_xref(name:\"MSKB\", value:\"3116869\");\n script_xref(name:\"MSKB\", value:\"3116900\");\n\n script_name(english:\"MS15-125: Cumulative Security Update for Microsoft Edge (3116184)\");\n script_summary(english:\"Checks the file version of edgehtml.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote host is missing\nCumulative Security Update 3116184. It is, therefore, affected by\nmultiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these issues by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/MS15-125\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS15-125';\nkbs = make_list('3116869', '3116900'); # Cumulative update for Windows 10: December 08, 2015\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\n# Server core is not affected\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n# Windows 10\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"edgehtml.dll\", version:\"11.0.10586.20\", min_version:\"11.0.10586.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"3116900\") ||\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"edgehtml.dll\", version:\"11.0.10240.16603\", dir:\"\\system32\", bulletin:bulletin, kb:\"3116869\")\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:48:13", "references": ["https://technet.microsoft.com/library/security/MS15-125", "https://support.microsoft.com/en-us/kb/3116900", "https://support.microsoft.com/en-us/kb/3116869"], "pluginID": "1361412562310807023", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-125.", "edition": 3, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-05T00:00:00", "title": "Microsoft Edge Multiple Vulnerabilities (3116184)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6139", "CVE-2015-6154", "CVE-2015-6168", "CVE-2015-6148", "CVE-2015-6155", "CVE-2015-6142", "CVE-2015-6161", "CVE-2015-6158", "CVE-2015-6140", "CVE-2015-6151", "CVE-2015-6169", "CVE-2015-6159", "CVE-2015-6176", "CVE-2015-6170", "CVE-2015-6153"], "modified": "2017-03-13T00:00:00", "id": "OPENVAS:1361412562310807023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms15-125.nasl 5557 2017-03-13 10:00:29Z teissa $\n#\n# Microsoft Edge Multiple Vulnerabilities (3116184)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807023\");\n script_version(\"$Revision: 5557 $\");\n script_cve_id(\"CVE-2015-6139\", \"CVE-2015-6140\", \"CVE-2015-6142\", \"CVE-2015-6148\",\n \"CVE-2015-6151\", \"CVE-2015-6153\", \"CVE-2015-6154\", \"CVE-2015-6155\",\n \"CVE-2015-6158\", \"CVE-2015-6159\", \"CVE-2015-6161\", \"CVE-2015-6168\",\n \"CVE-2015-6169\", \"CVE-2015-6170\", \"CVE-2015-6176\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-13 11:00:29 +0100 (Mon, 13 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-05 09:19:35 +0530 (Tue, 05 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Edge Multiple Vulnerabilities (3116184)\");\n\n script_tag(name: \"summary\" , value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-125.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the vulnerable file version and check\n appropriate patch is applied or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists due to,\n - Multiple improper memory object handling errors.\n - Microsoft Edge does not properly enforce content types.\n - Error in handling exceptions when dispatching certain window messages.\n - Microsoft Edge does not properly parse HTTP responses.\n - Microsoft Edge does not properly validate permissions under specific\n condition.\n - Microsoft Edge mishandles HTML attributes in HTTP responses.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or cause a denial of service, run arbitrary\n script with elevated privileges, to bypass the ASLR protection mechanism, to\n redirect users to arbitrary web sites, to gain privileges, to bypass a\n cross-site scripting (XSS) protection mechanism.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"\n Microsoft Edge on Windows 10 x32/x64\n Microsoft Windows 10 Version 1511 x32/x64\");\n\n script_tag(name: \"solution\" , value:\"Run Windows Update and update the listed\n hotfixes or download and update mentioned hotfixes in the advisory from the\n link, https://technet.microsoft.com/library/security/MS15-125\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"https://support.microsoft.com/en-us/kb/3116869\");\n script_xref(name : \"URL\" , value : \"https://support.microsoft.com/en-us/kb/3116900\");\n script_xref(name : \"URL\" , value : \"https://technet.microsoft.com/library/security/MS15-125\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_microsoft_edge_detect.nasl\");\n script_mandatory_keys(\"MS/Edge/Installed\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\nsysPath = \"\";\ndllVer = \"\";\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\n## Get System Path\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\n## Get Version from Mshtml.dll\ndllVer = fetch_file_version(sysPath, file_name:\"system32\\edgehtml.dll\");\nif(!dllVer){\n exit(0);\n}\n\n## Windows 10\nif(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n ## Windows 10 Core\n ## Check for edgehtml.dll version\n if(version_is_less(version:dllVer, test_version:\"11.0.10240.16603\"))\n {\n Vulnerable_range = \"Less than 11.0.10240.16603\";\n VULN = TRUE ;\n }\n\n ## Windows 10 version 1511\n ## Check for edgehtml.dll version\n else if(version_in_range(version:dllVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.19\"))\n {\n Vulnerable_range = \"11.0.10586.0 - 11.0.10586.19\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\system32\\edgehtml.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-09-13T06:47:40", "references": [], "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n12/08/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions 7 through 11 \nMicrosoft Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-6135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6135>) \n[CVE-2015-6136](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6136>) \n[CVE-2015-6134](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6134>) \n[CVE-2015-6140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6140>) \n[CVE-2015-6155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6155>) \n[CVE-2015-6083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6083>) \n[CVE-2015-6138](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6138>) \n[CVE-2015-6169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6169>) \n[CVE-2015-6168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6168>) \n[CVE-2015-6176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6176>) \n[CVE-2015-6170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6170>) \n[CVE-2015-6153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6153>) \n[CVE-2015-6152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6152>) \n[CVE-2015-6151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6151>) \n[CVE-2015-6150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6150>) \n[CVE-2015-6149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6149>) \n[CVE-2015-6148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6148>) \n[CVE-2015-6147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6147>) \n[CVE-2015-6146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6146>) \n[CVE-2015-6145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6145>) \n[CVE-2015-6144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6144>) \n[CVE-2015-6142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6142>) \n[CVE-2015-6143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6143>) \n[CVE-2015-6162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6162>) \n[CVE-2015-6164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6164>) \n[CVE-2015-6160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6160>) \n[CVE-2015-6161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6161>) \n[CVE-2015-6154](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6154>) \n[CVE-2015-6141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6141>) \n[CVE-2015-6156](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6156>) \n[CVE-2015-6157](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6157>) \n[CVE-2015-6158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6158>) \n[CVE-2015-6159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6159>) \n[CVE-2015-6139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6139>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2015-6135](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6135>) \n[CVE-2015-6136](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6136>) \n[CVE-2015-6134](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6134>) \n[CVE-2015-6140](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6140>) \n[CVE-2015-6155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6155>) \n[CVE-2015-6083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6083>) \n[CVE-2015-6138](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6138>) \n[CVE-2015-6169](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6169>) \n[CVE-2015-6168](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6168>) \n[CVE-2015-6176](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6176>) \n[CVE-2015-6170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6170>) \n[CVE-2015-6153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6153>) \n[CVE-2015-6152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6152>) \n[CVE-2015-6151](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6151>) \n[CVE-2015-6150](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6150>) \n[CVE-2015-6149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6149>) \n[CVE-2015-6148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6148>) \n[CVE-2015-6147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6147>) \n[CVE-2015-6146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6146>) \n[CVE-2015-6145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6145>) \n[CVE-2015-6144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6144>) \n[CVE-2015-6142](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6142>) \n[CVE-2015-6143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6143>) \n[CVE-2015-6162](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6162>) \n[CVE-2015-6164](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6164>) \n[CVE-2015-6160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6160>) \n[CVE-2015-6161](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6161>) \n[CVE-2015-6154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6154>) \n[CVE-2015-6141](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6141>) \n[CVE-2015-6156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6156>) \n[CVE-2015-6157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6157>) \n[CVE-2015-6158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6158>) \n[CVE-2015-6159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6159>) \n[CVE-2015-6139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6139>) \n\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3116900](<http://support.microsoft.com/kb/3116900>) \n[3116869](<http://support.microsoft.com/kb/3116869>) \n[3105579](<http://support.microsoft.com/kb/3105579>) \n[3105578](<http://support.microsoft.com/kb/3105578>) \n[3104002](<http://support.microsoft.com/kb/3104002>) \n[3116184](<http://support.microsoft.com/kb/3116184>) \n[3116180](<http://support.microsoft.com/kb/3116180>)", "edition": 13, "reporter": "Kaspersky Lab", "published": "2015-12-08T00:00:00", "title": "\r KLA10720Multiple vulnerabilities in Microsoft Internet Explorer & Edge ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-6139", "CVE-2015-6154", "CVE-2015-6144", "CVE-2015-6157", "CVE-2015-6150", "CVE-2015-6162", "CVE-2015-6146", "CVE-2015-6168", "CVE-2015-6148", "CVE-2015-6147", "CVE-2015-6136", "CVE-2015-6155", "CVE-2015-6142", "CVE-2015-6138", "CVE-2015-6160", "CVE-2015-6161", "CVE-2015-6149", "CVE-2015-6164", "CVE-2015-6083", "CVE-2015-6135", "CVE-2015-6158", "CVE-2015-6143", "CVE-2015-6140", "CVE-2015-6151", "CVE-2015-6134", "CVE-2015-6169", "CVE-2015-6159", "CVE-2015-6152", "CVE-2015-6176", "CVE-2015-6170", "CVE-2015-6141", "CVE-2015-6145", "CVE-2015-6153", "CVE-2015-6156"], "modified": "2018-09-10T00:00:00", "id": "KLA10720", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10720", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
