Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10967
HistoryMar 14, 2017 - 12:00 a.m.

KLA10967 Multiple vulnerabilities in Microsoft Browser

2017-03-1400:00:00
Kaspersky Lab
threats.kaspersky.com
70

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Detect date:

03/14/2017

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, spoof user interface.

Affected products:

Internet Explorer 9
Internet Explorer 11
Internet Explorer 10
Microsoft Edge (EdgeHTML-based)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-0065
CVE-2017-0066
CVE-2017-0067
CVE-2017-0068
CVE-2017-0069
CVE-2017-0070
CVE-2017-0071
CVE-2017-0094
CVE-2017-0037
CVE-2017-0131
CVE-2017-0132
CVE-2017-0133
CVE-2017-0134
CVE-2017-0135
CVE-2017-0136
CVE-2017-0137
CVE-2017-0138
CVE-2017-0140
CVE-2017-0141
CVE-2017-0150
CVE-2017-0151
CVE-2017-0009
CVE-2017-0010
CVE-2017-0011
CVE-2017-0012
CVE-2017-0015
CVE-2017-0017
CVE-2017-0023
CVE-2017-0032
CVE-2017-0033
CVE-2017-0034
CVE-2017-0035
CVE-2017-0049
CVE-2017-0059
CVE-2017-0130
CVE-2017-0149
CVE-2017-0154
CVE-2017-0008
CVE-2017-0018
CVE-2017-0040

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2017-00654.3Warning
CVE-2017-00664.0Warning
CVE-2017-00684.3Warning
CVE-2017-00694.3Warning
CVE-2017-00377.6Critical
CVE-2017-01354.0Warning
CVE-2017-01404.0Warning
CVE-2017-00094.3Warning
CVE-2017-00114.3Warning
CVE-2017-00124.3Warning
CVE-2017-00174.3Warning
CVE-2017-00237.6Critical
CVE-2017-00334.3Warning
CVE-2017-00494.3Warning
CVE-2017-00594.3Warning
CVE-2017-01307.6Critical
CVE-2017-01497.6Critical
CVE-2017-01545.8High
CVE-2017-00084.3Warning
CVE-2017-00187.6Critical
CVE-2017-00407.6Critical

Microsoft official advisories:

KB list:

4025342
4012204
4012217
4012215
4012216
4012606
4013198
4013429
4025339
4025344
4025338

Exploitation:

The following public exploits exists for this vulnerability:

References

Related

nessus 3
kaspersky 2
openvas 3
prion 38
veracode 15
cve 38
cvelist 36
mskb 6
threatpost 1
attackerkb 3
saint 3
zdt 2
seebug 2
symantec 17
mscve 14
checkpoint_advisories 8
zdi 3
hp 1
cisa_kev 2
myhack58 1
packetstorm 1
nessus
nessus
MS17-007: Cumulative Security Update for Microsoft Edge (4013071)
2017-03-14 00:00:00
MS17-006: Cumulative Security Update for Internet Explorer (4013073)
2017-03-14 00:00:00
MS17-009: Security Update for Microsoft Windows PDF Library (4010319)
2017-03-14 00:00:00
kaspersky
kaspersky
KLA10968 Multiple vulnerabilities in Microsoft Edge
2017-03-14 00:00:00
KLA10976 Microsoft Windows PDF Library vulnerability
2017-03-14 00:00:00
openvas
openvas
Microsoft Edge Multiple Vulnerabilities (4013071)
2017-03-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (4013073)
2017-03-15 00:00:00
Microsoft Windows PDF Library Memory Corruption Vulnerability (4010319)
2017-03-15 00:00:00
prion
prion
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
veracode
veracode
Remote Code Execution (RCE)
2018-12-05 02:07:53
Remote Code Execution (RCE)
2018-12-05 02:39:58
Remote Code Execution (RCE)
2018-12-05 02:13:54
cve
cve
CVE-2017-0067
2017-03-17 00:59:00
CVE-2017-0071
2017-03-17 00:59:00
CVE-2017-0137
2017-03-17 00:59:00
cvelist
cvelist
CVE-2017-0131
2017-03-17 00:00:00
CVE-2017-0132
2017-03-17 00:00:00
CVE-2017-0138
2017-03-17 00:00:00
mskb
mskb
MS17-007: Cumulative security update for Microsoft Edge: March 14, 2017
2017-03-14 00:00:00
MS17-006: Cumulative security update for Internet Explorer: March 14, 2017
2017-03-14 00:00:00
MS17-006: Security update for Internet Explorer: March 14, 2017
2017-03-14 07:00:00
threatpost
threatpost
Patch Tuesday Returns; Microsoft Quiet on Postponement
2017-03-14 15:26:24
attackerkb
attackerkb
CVE-2017-0149
2017-03-17 00:00:00
CVE-2017-0018
2017-03-17 00:00:00
CVE-2017-0059
2017-03-17 00:00:00
saint
saint
Internet Explorer mshtml.dll Memory Corruption Vulnerability
2017-08-01 00:00:00
Internet Explorer mshtml.dll Memory Corruption Vulnerability
2017-08-01 00:00:00
Internet Explorer mshtml.dll Memory Corruption Vulnerability
2017-08-01 00:00:00
zdt
zdt
Microsoft Edge Fetch API Arbitrary Header Setting Vulnerability
2017-03-15 00:00:00
Microsoft Internet Explorer - textarea.defaultValue Memory Disclosure (MS17-006) Exploit
2017-03-20 00:00:00
seebug
seebug
Microsoft Edge Fetch API allows setting of arbitrary request headers (CVE-2017-0140)
2017-03-15 00:00:00
Microsoft IE: textarea.defaultValue memory disclosure (CVE-2017-0059)
2017-03-21 00:00:00
symantec
symantec
Microsoft Edge CVE-2017-0140 Security Bypass Vulnerability
2017-03-14 00:00:00
Microsoft Internet Explorer and Edge CVE-2017-0012 Spoofing Vulnerability
2017-03-14 00:00:00
Microsoft Internet Explorer CVE-2017-0130 Scripting Engine Remote Memory Corruption Vulnerability
2017-03-14 00:00:00
mscve
mscve
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
2017-03-14 07:00:00
Microsoft Browser Memory Corruption Vulnerability
2017-03-14 07:00:00
Microsoft Browser Spoofing Vulnerability
2017-03-14 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0018)
2017-03-14 00:00:00
Microsoft Edge Memory Corruption (MS17-007: CVE-2017-0034)
2017-03-14 00:00:00
Microsoft Edge Information Disclosure (MS17-007: CVE-2017-0011)
2017-03-14 00:00:00
zdi
zdi
Microsoft Internet Explorer CHtmTag Use-After-Free Remote Code Execution Vulnerability
2017-03-21 00:00:00
Microsoft Edge CTransitionValues Out-Of-Bounds Read Information Disclosure Vulnerability
2017-03-21 00:00:00
Microsoft Windows JavaScript Spread Operator Stack-based Buffer Overflow Remote Code Execution Vulnerability
2017-03-21 00:00:00
hp
hp
HPSBPI03563 rev 1 - SMTP Credentials Vulnerability for HP Designjet and HP Latex printers
2017-08-02 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Information Disclosure Vulnerability
2022-03-28 00:00:00
Microsoft Internet Explorer Memory Corruption Vulnerability
2022-05-24 00:00:00
myhack58
myhack58
CVE-2017-0135 vulnerability analysis: the use of the Edge of the browser XSS filter bypass CSP-vulnerability warning-the black bar safety net
2018-03-19 00:00:00
packetstorm
packetstorm
Microsoft Edge Fetch API Arbitrary Header Setting
2017-03-14 00:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for KLA10967
nessus3kaspersky2openvas3prion38veracode15cve38cvelist36mskb6threatpost1attackerkb3saint3zdt2seebug2symantec17mscve14checkpoint_advisories8zdi3hp1cisa_kev2myhack581packetstorm1