History: Nov 10, 2015 - 12:00 a.m.

KLA10697 Multiple vulnerabilities in Microsoft Internet Explorer

2015-11-10 00:00:00
Kaspersky Lab
threats.kaspersky.com

AI Score: 8.2 High (Confidence: High)

CVSS2: 9.3 High

  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.939 High (Percentile: 99.1%)

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Improper access to objects in memory can be exploited remotely via specially designed web content to execute arbitrary code;
  2. Improper memory handling in the VBScript and JScript engines can be exploited remotely via specially designed web content or an ActiveX control to execute arbitrary code;
  3. Improper disclosure of memory contents can be exploited remotely via specially designed web content to obtain sensitive information;
  4. Improper Address Space Layout Randomization can be exploited remotely via specially designed web content to bypass security restrictions.

Technical details

To mitigate vulnerability (2), access to VBScript.dll and JScript.dll can be restricted. For further details, see the original advisory.

Original advisories

CVE-2015-6064

CVE-2015-6078

CVE-2015-6088

CVE-2015-6073

CVE-2015-6087

CVE-2015-6066

CVE-2015-6068

CVE-2015-6065

CVE-2015-6071

CVE-2015-6072

CVE-2015-6069

CVE-2015-6070

CVE-2015-6074

CVE-2015-6086

CVE-2015-6077

CVE-2015-6082

CVE-2015-6081

CVE-2015-6080

CVE-2015-6079

CVE-2015-6076

CVE-2015-6075

CVE-2015-2427

CVE-2015-6089

CVE-2015-6085

CVE-2015-6084

Exploitation

Public exploits exist for this vulnerability.

Related products

Microsoft-Internet-Explorer

CVE list

CVE-2015-6064 critical

CVE-2015-6078 critical

CVE-2015-6088 warning

CVE-2015-6073 critical

CVE-2015-6087 critical

CVE-2015-6066 critical

CVE-2015-6068 critical

CVE-2015-6065 critical

CVE-2015-6071 critical

CVE-2015-6072 critical

CVE-2015-6069 critical

CVE-2015-6070 critical

CVE-2015-6074 critical

CVE-2015-6086 warning

CVE-2015-6077 critical

CVE-2015-6082 critical

CVE-2015-6081 critical

CVE-2015-6080 critical

CVE-2015-6079 critical

CVE-2015-6076 critical

CVE-2015-6075 critical

CVE-2015-2427 critical

CVE-2015-6089 critical

CVE-2015-6085 critical

CVE-2015-6084 critical

KB list

3105211

3105213

3104517

3100773

Solution

Install the necessary updates from the KB list above; they are listed in Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to a malicious user executing any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to a malicious user capturing information that is critical for the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to actions being performed that are restricted by the current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to a malicious user performing actions that are normally disallowed for the current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into incorrect actions.

Affected Products

  • Microsoft Internet Explorer versions from 7 through 11
