Kaspersky LabKLA10720KLA10720 Multiple vulnerabilities in Microsoft Internet Explorer & Edge
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.3 High
AI Score
Confidence
High
0.951 High
EPSS
Percentile
99.3%
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.
Below is a complete list of vulnerabilities
- Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code;
- Lack of content type enforcement can be exploited remotely via a specially designed web content to gain privileges;
- Lack of Address Space Layout Randomization enforcement can be exploited remotely via a specially designed web content to bypass security feature;
- Improper HTTP responses parsing can be exploited remotely via a specially designed URL to spoof user interface;
- Improper permissions validation can be exploited remotely via a specially designed web content to gain privileges;
- Improper HTML disabling can be exploited remotely via a specially designed web content to inject arbitrary code;
- Improper memory handling at VBScript can be exploited remotely via a specially designed web content to obtain sensitive information or execute arbitrary code.
Technical details
There some technical notes for vulnerability (3) you can read in MS15-124 listed in original advisories section.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2015-6135 critical
CVE-2015-6136 critical
CVE-2015-6134 critical
CVE-2015-6140 critical
CVE-2015-6155 critical
CVE-2015-6083 critical
CVE-2015-6138 warning
CVE-2015-6169 warning
CVE-2015-6168 critical
CVE-2015-6176 warning
CVE-2015-6170 high
CVE-2015-6153 critical
CVE-2015-6152 critical
CVE-2015-6151 critical
CVE-2015-6150 critical
CVE-2015-6149 critical
CVE-2015-6148 critical
CVE-2015-6147 critical
CVE-2015-6146 critical
CVE-2015-6145 critical
CVE-2015-6144 warning
CVE-2015-6142 critical
CVE-2015-6143 critical
CVE-2015-6162 critical
CVE-2015-6164 high
CVE-2015-6160 critical
CVE-2015-6161 warning
CVE-2015-6154 critical
CVE-2015-6141 critical
CVE-2015-6156 critical
CVE-2015-6157 warning
CVE-2015-6158 critical
CVE-2015-6159 critical
CVE-2015-6139 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- CI
Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Microsoft Internet Explorer versions 7 through 11Microsoft Edge
References
support.microsoft.com/kb/3104002
support.microsoft.com/kb/3105578
support.microsoft.com/kb/3105579
support.microsoft.com/kb/3116180
support.microsoft.com/kb/3116184
support.microsoft.com/kb/3116869
support.microsoft.com/kb/3116900
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6083
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6134
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6135
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6136
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6138
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6139
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6140
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6141
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6142
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6143
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6144
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6145
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6146
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6147
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6148
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6149
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6150
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6151
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6152
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6153
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6154
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6155
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6156
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6157
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6158
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6159
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6160
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6161
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6162
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6164
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6168
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6169
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6170
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6176
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.3 High
AI Score
Confidence
High
0.951 High
EPSS
Percentile
99.3%