Oct 13, 2015 - 12:00 a.m.

KLA10677 Multiple vulnerabilities in Microsoft Internet Explorer

2015-10-13 00:00:00
Kaspersky Lab
threats.kaspersky.com

AI Score: 9.2 High (Confidence: High)

CVSS2: 9.3 High

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.965 High (Percentile: 99.6%)

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Improper access to objects in memory can be exploited remotely via a specially designed web site to execute arbitrary code;
  2. Improper handling of objects in memory by the script engines can be exploited remotely via a specially designed web site to execute arbitrary code;
  3. Improper permissions validation can be exploited remotely via a specially designed web site to gain privileges;
  4. Improper memory disclosure can be exploited remotely to obtain sensitive information;
  5. Lack of ASLR restrictions in the script engines can be exploited remotely to obtain sensitive information;
  6. Improper disclosure of memory content by the script engine can be exploited remotely via a specially designed web site to obtain sensitive information.

Original advisories

CVE-2015-2482

CVE-2015-6055

CVE-2015-6059

CVE-2015-6052

CVE-2015-6044

CVE-2015-6047

CVE-2015-6056

CVE-2015-6053

CVE-2015-6050

CVE-2015-6051

CVE-2015-6048

CVE-2015-6049

CVE-2015-6046

CVE-2015-6042

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Internet-Explorer

CVE list

CVE-2015-2482 critical

CVE-2015-6055 critical

CVE-2015-6059 warning

CVE-2015-6052 warning

CVE-2015-6044 high

CVE-2015-6047 high

CVE-2015-6056 critical

CVE-2015-6053 critical

CVE-2015-6050 critical

CVE-2015-6051 warning

CVE-2015-6048 critical

CVE-2015-6049 critical

CVE-2015-6046 warning

CVE-2015-6042 critical

KB list

3097617

3094995

3094996

3093983

3096441

Solution

Install the necessary updates from the KB list that are offered in Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or the system.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • RLF: Read local files. Exploitation of vulnerabilities with this impact can allow reading of files that are otherwise inaccessible. Which files can be read depends on the specific program errors.

Affected Products

  • Microsoft Internet Explorer versions from 7 through 11
