Kaspersky LabKLA10771KLA10771 Multiple vulnerabilities in Microsoft Internet Explorer and Edge
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.892 High
EPSS
Percentile
98.8%
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.
Below is a complete list of vulnerabilities
- An improper memory objects access can be exploited remotely via a specially designed website to execute arbitrary code;
- An improper referrer policy handling can be exploited remotely via a specially designed website to obtain sensitive information.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
CVE-2016-0130 critical
CVE-2016-0129 critical
CVE-2016-0125 warning
CVE-2016-0124 critical
CVE-2016-0123 critical
CVE-2016-0107 critical
CVE-2016-0103 critical
CVE-2016-0113 critical
CVE-2016-0114 critical
CVE-2016-0111 critical
CVE-2016-0112 critical
CVE-2016-0102 critical
CVE-2016-0110 critical
CVE-2016-0104 critical
CVE-2016-0108 critical
CVE-2016-0106 critical
CVE-2016-0105 critical
CVE-2016-0109 critical
CVE-2016-0116 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Microsoft Internet Explorer versions from 9 through 11Microsoft Edge
References
support.microsoft.com/kb/3139929
support.microsoft.com/kb/3140745
support.microsoft.com/kb/3140768
support.microsoft.com/kb/3142015
support.microsoft.com/kb/3142019
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0102
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0103
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0104
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0105
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0106
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0107
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0108
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0109
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0110
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0111
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0112
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0113
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0114
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0116
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0123
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0124
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0125
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0129
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0130
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Edge/
threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/
Related
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.892 High
EPSS
Percentile
98.8%