Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10844
HistoryJul 12, 2016 - 12:00 a.m.

KLA10844 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

2016-07-1200:00:00
Kaspersky Lab
threats.kaspersky.com
24

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.945 High

EPSS

Percentile

99.2%

JSON

Detect date:

07/12/2016

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Microsoft browsers. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code or obtain sensitive information.

Affected products:

Microsoft Internet Explorer version from 9 through 11
Microsoft Edge

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-3204
CVE-2016-3248
CVE-2016-3259
CVE-2016-3260
CVE-2016-3261
CVE-2016-3264
CVE-2016-3265
CVE-2016-3269
CVE-2016-3271
CVE-2016-3273
CVE-2016-3274
CVE-2016-3276
CVE-2016-3277
CVE-2016-3240
CVE-2016-3241
CVE-2016-3242
CVE-2016-3243
CVE-2016-3244
CVE-2016-3245
CVE-2016-3246

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2016-32049.3Critical
CVE-2016-32489.3Critical
CVE-2016-32599.3Critical
CVE-2016-32609.3Critical
CVE-2016-32612.6Warning
CVE-2016-32647.6Critical
CVE-2016-32659.3Critical
CVE-2016-32699.3Critical
CVE-2016-32714.3Warning
CVE-2016-32732.6Warning
CVE-2016-32742.6Warning
CVE-2016-32762.6Warning
CVE-2016-32772.6Warning
CVE-2016-32407.6Critical
CVE-2016-32417.6Critical
CVE-2016-32427.6Critical
CVE-2016-32437.6Critical
CVE-2016-32444.3Warning
CVE-2016-32454.3Warning
CVE-2016-32467.6Critical

Microsoft official advisories:

KB list:

3172985
3163912
3169658
3170106

References

Related

openvas 3
mskb 8
nessus 3
kaspersky 2
cve 20
prion 20
github 5
osv 5
checkpoint_advisories 13
symantec 20
mscve 20
zdi 5
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (3169991)
2016-07-13 00:00:00
Microsoft Edge Multiple Vulnerabilities (3169999)
2016-07-13 00:00:00
Microsoft Windows JScript and VBScript Remote Code Execution Vulnerability (3169996)
2016-07-13 00:00:00
mskb
mskb
MS16-084: Security update for Internet Explorer: July 12, 2016
2016-07-12 07:00:00
MS16-084: Cumulative security update for Internet Explorer: July 12, 2016
2016-07-12 00:00:00
MS16-085: Cumulative security update for Microsoft Edge: July 12, 2016
2016-07-12 00:00:00
nessus
nessus
MS16-084: Cumulative Security Update for Internet Explorer (3169991)
2016-07-12 00:00:00
MS16-085: Cumulative Security Update for Microsoft Edge (3169999)
2016-07-12 00:00:00
MS16-086: Cumulative Security Update for JScript and VBScript (3169996)
2016-07-12 00:00:00
kaspersky
kaspersky
KLA11909 Multiple vulnerabilities in Microsoft Products (ESU)
2016-07-12 00:00:00
KLA10843 Code execution vulnerability in Microsoft JScript and VBScript engines
2016-07-12 00:00:00
cve
cve
CVE-2016-3242
2016-07-13 01:59:00
CVE-2016-3240
2016-07-13 01:59:00
CVE-2016-3241
2016-07-13 01:59:00
prion
prion
Memory corruption
2016-07-13 01:59:00
Memory corruption
2016-07-13 01:59:00
Memory corruption
2016-07-13 01:59:00
github
github
ChakraCore RCE Vulnerability
2022-05-14 02:24:13
ChakraCore RCE Vulnerability
2022-05-14 02:24:13
ChakraCore RCE Vulnerability
2022-05-14 02:24:15
osv
osv
ChakraCore RCE Vulnerability
2022-05-14 02:24:13
ChakraCore RCE Vulnerability
2022-05-14 02:24:13
ChakraCore RCE Vulnerability
2022-05-14 02:24:15
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Memory Corruption (MS16-085: CVE-2016-3264)
2016-07-12 00:00:00
Microsoft Internet Explorer Memory Corruption (MS16-084: CVE-2016-3240)
2016-07-12 00:00:00
Microsoft Internet Explorer Memory Corruption (MS16-084: CVE-2016-3242)
2016-07-12 00:00:00
symantec
symantec
Microsoft Internet Explorer and Edge CVE-2016-3264 Remote Memory Corruption Vulnerability
2016-07-12 00:00:00
Microsoft Internet Explorer CVE-2016-3240 Remote Memory Corruption Vulnerability
2016-07-12 00:00:00
Microsoft Edge CVE-2016-3271 Scripting Engine Information Disclosure Vulnerability
2016-07-12 00:00:00
mscve
mscve
Microsoft Browser Memory Corruption Vulnerability
2016-07-12 07:00:00
Internet Explorer Memory Corruption Vulnerability
2016-07-12 07:00:00
Scripting Engine Memory Corruption Vulnerability
2016-07-12 07:00:00
zdi
zdi
Microsoft Edge CGeolocationManager Use-After-Free Remote Code Execution Vulnerability
2016-07-12 00:00:00
Microsoft Internet Explorer CTableLayout AddRow Out-Of-Bounds Read Remote Code Execution Vulnerability
2016-07-12 00:00:00
Microsoft Chakra ArrayBuffer.transfer Uninitialized Buffer Information Leak Vulnerability
2016-07-12 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.945 High

EPSS

Percentile

99.2%

JSON
Related for KLA10844
openvas3mskb8nessus3kaspersky2cve20prion20github5osv5checkpoint_advisories13symantec20mscve20zdi5