Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10920
HistoryDec 13, 2016 - 12:00 a.m.

KLA10920 Multiple vulnerabilities in Microsoft Browser

2016-12-1300:00:00
Kaspersky Lab
threats.kaspersky.com
64

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.901 High

EPSS

Percentile

98.7%

JSON

Detect date:

12/13/2016

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code.

Affected products:

Internet Explorer 9
Microsoft Windows Hyperlink Object Library
Internet Explorer 11
Internet Explorer 10
Microsoft Edge (EdgeHTML-based)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-7281
CVE-2016-7280
CVE-2016-7279
CVE-2016-7278
CVE-2016-7297
CVE-2016-7181
CVE-2016-7206
CVE-2016-7296
CVE-2016-7288
CVE-2016-7287
CVE-2016-7286
CVE-2016-7284
CVE-2016-7283
CVE-2016-7282

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2016-72812.6Warning
CVE-2016-72804.3Warning
CVE-2016-72797.6Critical
CVE-2016-72782.6Warning
CVE-2016-72977.6Critical
CVE-2016-71817.6Critical
CVE-2016-72064.3Warning
CVE-2016-72967.6Critical
CVE-2016-72887.6Critical
CVE-2016-72877.6Critical
CVE-2016-72867.6Critical
CVE-2016-72844.3Warning
CVE-2016-72839.3Critical
CVE-2016-72824.3Warning

Microsoft official advisories:

KB list:

3205386
3205383
3205401
3205400
3205408
3205409
3207752
3205394
3206632
4338825
4338819
4338826

Exploitation:

Public exploits exist for this vulnerability.

References

Related

openvas 5
mskb 16
nessus 2
prion 14
cvelist 14
cve 14
thn 1
threatpost 1
kaspersky 2
checkpoint_advisories 11
myhack58 1
symantec 14
zdt 3
mscve 14
seebug 1
zdi 1
srcincite 1
openvas
openvas
Microsoft Edge Multiple Vulnerabilities (3204062)
2016-12-14 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (3204059)
2016-12-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4338826)
2018-07-11 00:00:00
mskb
mskb
MS16-145: Cumulative security update for Microsoft Edge: December 13, 2016
2016-12-13 00:00:00
MS16-144: Cumulative security update for Internet Explorer: December 13, 2016
2016-12-13 00:00:00
Security update 2016-12-13
2016-12-13 08:00:00
nessus
nessus
MS16-145: Cumulative Security Update for Microsoft Edge (3204062)
2016-12-14 00:00:00
MS16-144: Cumulative Security Update for Internet Explorer (3204059)
2016-12-13 00:00:00
prion
prion
Memory corruption
2016-12-20 06:59:00
Memory corruption
2016-12-20 06:59:00
Memory corruption
2016-12-20 06:59:00
cvelist
cvelist
CVE-2016-7296
2016-12-20 05:54:00
CVE-2016-7286
2016-12-20 05:54:00
CVE-2016-7288
2016-12-20 05:54:00
cve
cve
CVE-2016-7296
2016-12-20 06:59:00
CVE-2016-7297
2016-12-20 06:59:00
CVE-2016-7286
2016-12-20 06:59:00
thn
thn
Microsoft releases 12 Security Updates; Including 6 Critical Patches
2016-12-14 01:07:00
threatpost
threatpost
Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities
2016-12-13 15:27:58
kaspersky
kaspersky
KLA11904 Multiple vulnerabilities in Microsoft Products (ESU)
2016-12-13 00:00:00
KLA10924 Privilege escalation and information disclosure vulnerabilities in Microsoft Windows
2016-12-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Information Disclosure (MS16-144: CVE-2016-7278)
2016-12-13 00:00:00
Microsoft Browser Scripting Engine Memory Corruption (MS16-145: CVE-2016-7287)
2016-12-13 00:00:00
Microsoft Browser Information Disclosure (MS16-145: CVE-2016-7206)
2016-12-13 00:00:00
myhack58
myhack58
MS16-145: Edge browser the TypedArray. sort UAF vulnerability analysis-vulnerability warning-the black bar safety net
2017-05-08 00:00:00
symantec
symantec
Microsoft Internet Explorer and Edge CVE-2016-7287 Remote Memory Corruption Vulnerability
2016-12-13 00:00:00
Microsoft Internet Explorer CVE-2016-7278 Information Disclosure Vulnerability
2016-12-13 00:00:00
Microsoft Edge CVE-2016-7280 Information Disclosure Vulnerability
2016-12-13 00:00:00
zdt
zdt
Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145) Exploit
2017-02-14 00:00:00
Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144) Exploit
2016-12-21 00:00:00
Microsoft Edge - SIMD.toLocaleString Uninitialized Memory (MS16-145) Exploit
2016-12-21 00:00:00
mscve
mscve
Microsoft Browser Information Disclosure Vulnerability
2016-12-13 08:00:00
Scripting Engine Memory Corruption Vulnerability
2016-12-13 08:00:00
Microsft Browser Information Disclosure Vulnerability
2016-12-13 08:00:00
seebug
seebug
Microsoft Edge: Use-after-free in TypedArray.sort(CVE-2016-7288οΌ‰
2017-04-19 00:00:00
zdi
zdi
Microsoft Windows JavaScript Array.concat Type Confusion Information Disclosure Vulnerability
2017-01-20 00:00:00
srcincite
srcincite
SRC-2016-0045 : Microsoft Internet Explorer HyperlinkString Out-Of-Bounds Read Information Disclosure Vulnerability
2016-09-21 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.901 High

EPSS

Percentile

98.7%

JSON
Related for KLA10920
openvas5mskb16nessus2prion14cvelist14cve14thn1threatpost1kaspersky2checkpoint_advisories11myhack581symantec14zdt3mscve14seebug1zdi1srcincite1