History: Mar 08, 2016 - 12:00 a.m.

KLA10771 Multiple vulnerabilities in Microsoft Internet Explorer and Edge

2016-03-08 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS3: 7.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.6 High (Confidence: High)

CVSS2: 7.6 High

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS: 0.892 High (Percentile: 98.8%)

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Improper access to objects in memory can be exploited remotely via a specially designed website to execute arbitrary code;
  2. Improper handling of the referrer policy can be exploited remotely via a specially designed website to obtain sensitive information.

Original advisories

CVE-2016-0130

CVE-2016-0129

CVE-2016-0125

CVE-2016-0124

CVE-2016-0123

CVE-2016-0107

CVE-2016-0103

CVE-2016-0113

CVE-2016-0114

CVE-2016-0111

CVE-2016-0112

CVE-2016-0102

CVE-2016-0110

CVE-2016-0104

CVE-2016-0108

CVE-2016-0106

CVE-2016-0105

CVE-2016-0109

CVE-2016-0116

Exploitation

Public exploits exist for this vulnerability.

Related products

Microsoft-Internet-Explorer

Microsoft-Edge

CVE list

CVE-2016-0130 critical

CVE-2016-0129 critical

CVE-2016-0125 warning

CVE-2016-0124 critical

CVE-2016-0123 critical

CVE-2016-0107 critical

CVE-2016-0103 critical

CVE-2016-0113 critical

CVE-2016-0114 critical

CVE-2016-0111 critical

CVE-2016-0112 critical

CVE-2016-0102 critical

CVE-2016-0110 critical

CVE-2016-0104 critical

CVE-2016-0108 critical

CVE-2016-0106 critical

CVE-2016-0105 critical

CVE-2016-0109 critical

CVE-2016-0116 critical

KB list

3140768

3140745

3142019

3142015

3139929

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an abuser to execute any code or commands on the vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an abuser to capture information that is critical for the user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can allow an abuser to perform actions that are normally disallowed for the current role.

Affected Products

  • Microsoft Internet Explorer versions from 9 through 11
  • Microsoft Edge
