Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10858
HistoryAug 09, 2016 - 12:00 a.m.

KLA10858 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

2016-08-0900:00:00
Kaspersky Lab
threats.kaspersky.com
94

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.942 High

EPSS

Percentile

99.1%

JSON

Detect date:

08/09/2016

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.

Affected products:

Microsoft Internet Explorer versions 9 through 11
Microsoft Edge

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-3322
CVE-2016-3321
CVE-2016-3319
CVE-2016-3296
CVE-2016-3293
CVE-2016-3290
CVE-2016-3289
CVE-2016-3288
CVE-2016-3329
CVE-2016-3327
CVE-2016-3326

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2016-33227.6Critical
CVE-2016-33211.9Warning
CVE-2016-33199.3Critical
CVE-2016-32967.6Critical
CVE-2016-32937.6Critical
CVE-2016-32907.6Critical
CVE-2016-32897.6Critical
CVE-2016-32887.6Critical
CVE-2016-33292.6Warning
CVE-2016-33272.6Warning
CVE-2016-33262.6Warning

Microsoft official advisories:

KB list:

4038788
3176495
3176492
3176493
3175443
4022719
4022726
4022714
4021558
4022724
4022727
4022715

Exploitation:

Public exploits exist for this vulnerability.

References

Related

openvas 4
nessus 4
mskb 16
prion 11
cve 11
symantec 11
zdi 3
checkpoint_advisories 9
mscve 11
kaspersky 2
zdt 1
seebug 1
thn 1
talos 1
github 1
osv 1
threatpost 1
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (3177356)
2016-08-10 00:00:00
Microsoft Edge Multiple Vulnerabilities (3177358)
2016-08-10 00:00:00
Microsoft Windows PDF Library Remote Code Execution Vulnerability (3182248)
2016-08-10 00:00:00
nessus
nessus
MS16-095: Cumulative Security Update for Internet Explorer (3177356)
2016-08-09 00:00:00
MS16-096: Cumulative Security Update for Microsoft Edge (3177358)
2016-08-09 00:00:00
MS16-102: Security Update for Microsoft Windows PDF Library (3182248)
2016-08-09 00:00:00
mskb
mskb
MS16-095: Cumulative security update for Internet Explorer: August 9, 2016
2016-08-09 00:00:00
MS16-095: Security update for Internet Explorer: August 9, 2016
2016-08-09 07:00:00
MS16-096: Cumulative security update for Microsoft Edge: August 9, 2016
2016-08-09 00:00:00
prion
prion
Memory corruption
2016-08-09 21:59:00
Memory corruption
2016-08-09 21:59:00
Memory corruption
2016-08-09 21:59:00
cve
cve
CVE-2016-3322
2016-08-09 21:59:00
CVE-2016-3288
2016-08-09 21:59:00
CVE-2016-3289
2016-08-09 21:59:00
symantec
symantec
Microsoft Internet Explorer and Edge CVE-2016-3322 Remote Memory Corruption Vulnerability
2016-08-09 00:00:00
Microsoft Internet Explorer CVE-2016-3321 Local Information Disclosure Vulnerability
2016-08-09 00:00:00
Microsoft Windows and Edge CVE-2016-3319 Remote Code Execution Vulnerability
2016-08-09 00:00:00
zdi
zdi
Microsoft Internet Explorer CACPCache Use-After-Free Remote Code Execution Vulnerability
2016-08-09 00:00:00
Microsoft Internet Explorer CAnchor Use-After-Free Remote Code Execution Vulnerability
2016-08-09 00:00:00
Microsoft Edge GetRefererUrl Use-After-Free Information Disclosure Vulnerability
2016-08-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Information Disclosure (MS16-095: CVE-2016-3321)
2016-08-09 00:00:00
Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3322)
2016-08-09 00:00:00
Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3288)
2016-08-09 00:00:00
mscve
mscve
Internet Explorer Information Disclosure Vulnerability
2016-08-09 07:00:00
Windows PDF Remote Code Execution Vulnerability
2016-08-09 07:00:00
Microsoft Browser Memory Corruption Vulnerability
2016-08-09 07:00:00
kaspersky
kaspersky
KLA11908 Multiple vulnerabilities in Microsoft Products (ESU)
2016-08-09 00:00:00
KLA10856 Multiple vulnerabilities in Microsoft Windows
2016-08-09 00:00:00
zdt
zdt
Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Rea
2016-08-16 00:00:00
seebug
seebug
Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability(CVE-2016-3319)
2017-10-13 00:00:00
thn
thn
Microsoft Releases 9 Security Updates to Patch 34 Vulnerabilities
2016-08-09 21:38:00
talos
talos
Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability
2016-08-09 00:00:00
github
github
ChakraCore RCE Vulnerability
2022-05-14 02:23:44
osv
osv
ChakraCore RCE Vulnerability
2022-05-14 02:23:44
threatpost
threatpost
August 2016 Microsoft Patch Tuesday Security Bulletins
2016-08-09 14:59:55

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.942 High

EPSS

Percentile

99.1%

JSON
Related for KLA10858
openvas4nessus4mskb16prion11cve11symantec11zdi3checkpoint_advisories9mscve11kaspersky2zdt1seebug1thn1talos1github1osv1threatpost1