Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10875
HistorySep 13, 2016 - 12:00 a.m.

KLA10875 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

2016-09-1300:00:00
Kaspersky Lab
threats.kaspersky.com
50

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.961 High

EPSS

Percentile

99.5%

JSON

Detect date:

09/13/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or obtain sensitive information.

Affected products:

Microsoft Internet Explorer versions from 9 through 11
Microsoft Edge

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-3247
CVE-2016-3291
CVE-2016-3292
CVE-2016-3294
CVE-2016-3295
CVE-2016-3370
CVE-2016-3374
CVE-2016-3324
CVE-2016-3375
CVE-2016-3330
CVE-2016-3325
CVE-2016-3297
CVE-2016-3350
CVE-2016-3351
CVE-2016-3353
CVE-2016-3377

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2016-32475.1High
CVE-2016-32912.6Warning
CVE-2016-32925.1High
CVE-2016-32947.6Critical
CVE-2016-32955.1High
CVE-2016-33704.3Warning
CVE-2016-33744.3Warning
CVE-2016-33246.8High
CVE-2016-33757.6Critical
CVE-2016-33307.6Critical
CVE-2016-33252.6Warning
CVE-2016-32976.8High
CVE-2016-33507.6Critical
CVE-2016-33512.6Warning
CVE-2016-33535.1High
CVE-2016-33777.6Critical

Microsoft official advisories:

KB list:

3185611
3185614
3189866
3185319

Exploitation:

Public exploits exist for this vulnerability.

References

Related

mskb 10
nessus 4
openvas 4
prion 16
cve 16
osv 2
github 2
kaspersky 2
checkpoint_advisories 12
thn 1
attackerkb 1
cisa_kev 1
symantec 16
threatpost 3
zdi 8
mscve 16
seebug 1
zdt 3
packetstorm 3
srcincite 1
qualysblog 1
mskb
mskb
MS16-105: Cumulative security update for Microsoft Edge: September 13, 2016
2016-09-13 00:00:00
MS16-104: Cumulative security update for Internet Explorer: September 13, 2016
2016-09-13 00:00:00
MS16-104: Security update for Internet Explorer: September 13, 2016
2016-09-13 07:00:00
nessus
nessus
MS16-105: Cumulative Security Update for Microsoft Edge (3183043)
2016-09-13 00:00:00
MS16-104: Cumulative Security Update for Internet Explorer (3183038)
2016-09-13 00:00:00
MS16-115: Security Update for Microsoft Windows PDF Library (3188733)
2016-09-13 00:00:00
openvas
openvas
Microsoft Edge Multiple Vulnerabities (3183043)
2016-09-14 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (3183038)
2016-09-14 00:00:00
Microsoft Windows PDF Library Multiple Information Disclosure Vulnerabilities (3188733)
2016-09-14 00:00:00
prion
prion
Memory corruption
2016-09-14 10:59:00
Memory corruption
2016-09-14 10:59:00
Memory corruption
2016-09-14 10:59:00
cve
cve
CVE-2016-3350
2016-09-14 10:59:00
CVE-2016-3294
2016-09-14 10:59:00
CVE-2016-3370
2016-09-14 10:59:00
osv
osv
ChakraCore RCE Vulnerability
2022-05-14 02:23:14
ChakraCore RCE Vulnerability
2022-05-14 02:23:18
github
github
ChakraCore RCE Vulnerability
2022-05-14 02:23:18
ChakraCore RCE Vulnerability
2022-05-14 02:23:14
kaspersky
kaspersky
KLA11907 Multiple vulnerabilities in Microsoft Products (ESU)
2016-09-13 00:00:00
KLA10870 Multiple vulnerabilities in Microsoft Windows
2016-09-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Browser Information Disclosure (MS16-104: CVE-2016-3351)
2016-09-13 00:00:00
Microsoft Edge Memory Corruption (MS2016-08: CVE-2016-3294)
2016-09-13 00:00:00
Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3295)
2016-09-13 00:00:00
thn
thn
Microsoft and Adobe Rolls Out Critical Security Updates - Patch Now!
2016-09-13 21:37:00
attackerkb
attackerkb
CVE-2016-3351
2016-09-14 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer and Edge Information Disclosure Vulnerability
2022-05-24 00:00:00
symantec
symantec
Microsoft Internet Explorer and Edge CVE-2016-3351 Information Disclosure Vulnerability
2016-09-13 00:00:00
Microsoft Internet Explorer CVE-2016-3292 Remote Privilege Escalation Vulnerability
2016-09-13 00:00:00
Microsoft Internet Explorer and Edge CVE-2016-3295 Remote Memory Corruption Vulnerability
2016-09-13 00:00:00
threatpost
threatpost
Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files
2018-04-10 14:48:05
Microsoft Patches Zero Day Used in AdGholas Malvertising Campaigns
2016-09-15 13:48:47
Microsoft Fixes 47 Vulnerabilities with September Patch Tuesday
2016-09-13 16:24:13
zdi
zdi
Microsoft Edge TextNode Use-After-Free Remote Code Execution Vulnerability
2016-09-16 00:00:00
Microsoft Edge CTreePos Type Confusion Remote Code Execution Vulnerability
2016-09-16 00:00:00
Microsoft Internet Explorer Add-on Installer Enhanced Protected Mode Sandbox Escape Vulnerability
2016-09-16 00:00:00
mscve
mscve
Microsoft Browser Memory Corruption Vulnerability
2016-09-13 07:00:00
Microsoft Browser Information Disclosure Vulnerability
2016-09-13 07:00:00
Internet Explorer Elevation of Privilege Vulnerability
2016-09-13 07:00:00
seebug
seebug
MS16-104: Internet Explorer URL files Security Feature Bypass (CVE-2016-3353)
2017-02-24 00:00:00
zdt
zdt
Microsoft Internet Explorer 9-11 MSHTML - PROPERTYDESC::Handle­Style­Component­Property Out-of-Bound
2016-11-11 00:00:00
Microsoft Internet Explorer WININET.dll - CHttp­Header­Parser::Parse­Status­Line Out-of-Bounds Read
2016-11-11 00:00:00
Microsoft Edge CTextExtractor::GetBlockText Out-Of-Bounds Read Exploit
2016-11-19 00:00:00
packetstorm
packetstorm
WININET CHttpHeaderParser::ParseStatusLine Out-Of-Bounds Read
2016-11-10 00:00:00
Microsoft Internet Explorer 9 / 10 / 11 PROPERTYDESC::HandleStyleComponentProperty Out-Of-Bounds
2016-11-10 00:00:00
Microsoft Edge CTextExtractor::GetBlockText Out-Of-Bounds Read
2016-11-19 00:00:00
srcincite
srcincite
SRC-2016-0039 : Microsoft Windows PDF Library PostScript Calculator Out-of-Bounds Read Information Disclosure Vulnerability
2016-06-09 00:00:00
qualysblog
qualysblog
In-Depth Look Into Data-Driven Science Behind Qualys TruRisk
2022-10-10 14:32:29

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.961 High

EPSS

Percentile

99.5%

JSON
Related for KLA10875
mskb10nessus4openvas4prion16cve16osv2github2kaspersky2checkpoint_advisories12thn1attackerkb1cisa_kev1symantec16threatpost3zdi8mscve16seebug1zdt3packetstorm3srcincite1qualysblog1