kaspersky / Kaspersky Lab / KLA10844
History: Jul 12, 2016 - 12:00 a.m.

KLA10844 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

2016-07-12 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 9.3

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 8.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.1 (Confidence: Low)

EPSS: 0.929 (Percentile: 99.1%)

Multiple serious vulnerabilities have been found in Microsoft browsers. Malicious users can exploit these vulnerabilities to spoof the user interface, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Improper handling of memory objects can be exploited via specially designed content to execute arbitrary code;
  2. A lack of port restrictions can be exploited remotely via specially designed content to trick the user into connecting to a remote system;
  3. Multiple memory corruption vulnerabilities can be exploited remotely via specially designed content to execute arbitrary code;
  4. Improper validation of user-specific conditions in the XSS Filter can be exploited remotely via specially designed content to obtain sensitive information;
  5. A lack of HTTP content restrictions can be exploited remotely via specially designed content to spoof the user interface.

Original advisories

CVE-2016-3204

CVE-2016-3248

CVE-2016-3259

CVE-2016-3260

CVE-2016-3261

CVE-2016-3264

CVE-2016-3265

CVE-2016-3269

CVE-2016-3271

CVE-2016-3273

CVE-2016-3274

CVE-2016-3276

CVE-2016-3277

CVE-2016-3240

CVE-2016-3241

CVE-2016-3242

CVE-2016-3243

CVE-2016-3244

CVE-2016-3245

CVE-2016-3246

Related products

Microsoft-Internet-Explorer

Microsoft-Edge

CVE list

CVE-2016-3204 critical

CVE-2016-3248 critical

CVE-2016-3259 critical

CVE-2016-3260 critical

CVE-2016-3261 warning

CVE-2016-3264 critical

CVE-2016-3265 critical

CVE-2016-3269 critical

CVE-2016-3271 warning

CVE-2016-3273 warning

CVE-2016-3274 warning

CVE-2016-3276 warning

CVE-2016-3277 warning

CVE-2016-3240 critical

CVE-2016-3241 critical

CVE-2016-3242 critical

CVE-2016-3243 critical

CVE-2016-3244 warning

CVE-2016-3245 warning

CVE-2016-3246 critical

KB list

3172985

3163912

3169658

3170106

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an abuser executing any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an abuser capturing information that is critical for the user or system.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can lead to an abuser performing actions that are normally disallowed for the current role.

  • SUI: Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that beguile the user into inaccurate behavior.

Affected Products

  • Microsoft Internet Explorer versions 9 through 11
  • Microsoft Edge
