Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10968
HistoryMar 14, 2017 - 12:00 a.m.

KLA10968 Multiple vulnerabilities in Microsoft Edge

2017-03-1400:00:00
Kaspersky Lab
threats.kaspersky.com
197

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Detect date:

03/14/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information and bypass security restrictions.

Affected products:

Microsoft Edge

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

MS17-007
CVE-2017-0065
CVE-2017-0066
CVE-2017-0067
CVE-2017-0068
CVE-2017-0069
CVE-2017-0070
CVE-2017-0071
CVE-2017-0094
CVE-2017-0037
CVE-2017-0131
CVE-2017-0132
CVE-2017-0133
CVE-2017-0134
CVE-2017-0135
CVE-2017-0136
CVE-2017-0137
CVE-2017-0138
CVE-2017-0140
CVE-2017-0141
CVE-2017-0150
CVE-2017-0151
CVE-2017-0009
CVE-2017-0010
CVE-2017-0011
CVE-2017-0012
CVE-2017-0015
CVE-2017-0017
CVE-2017-0023
CVE-2017-0032
CVE-2017-0033
CVE-2017-0034
CVE-2017-0035

Impacts:

ACE

Related products:

Microsoft Edge

CVE-IDS:

CVE-2017-00654.3Warning
CVE-2017-00664.0Warning
CVE-2017-00677.6Critical
CVE-2017-00684.3Warning
CVE-2017-00694.3Warning
CVE-2017-00707.6Critical
CVE-2017-00717.6Critical
CVE-2017-00947.6Critical
CVE-2017-00377.6Critical
CVE-2017-01317.6Critical
CVE-2017-01327.6Critical
CVE-2017-01337.6Critical
CVE-2017-01347.6Critical
CVE-2017-01354.0Warning
CVE-2017-01367.6Critical
CVE-2017-01377.6Critical
CVE-2017-01387.6Critical
CVE-2017-01404.0Warning
CVE-2017-01417.6Critical
CVE-2017-01507.6Critical
CVE-2017-01517.6Critical
CVE-2017-00094.3Warning
CVE-2017-00107.6Critical
CVE-2017-00114.3Warning
CVE-2017-00124.3Warning
CVE-2017-00157.6Critical
CVE-2017-00174.3Warning
CVE-2017-00237.6Critical
CVE-2017-00327.6Critical
CVE-2017-00334.3Warning
CVE-2017-00347.6Critical
CVE-2017-00357.6Critical

Microsoft official advisories:

KB list:

4012606
4013198
4013429

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 3
openvas 4
prion 32
cvelist 32
veracode 15
cve 32
mskb 7
kaspersky 2
threatpost 1
symantec 20
zdt 3
seebug 3
mscve 21
checkpoint_advisories 13
packetstorm 2
zdi 4
myhack58 3
attackerkb 1
cisa_kev 1
nessus
nessus
MS17-007: Cumulative Security Update for Microsoft Edge (4013071)
2017-03-14 00:00:00
MS17-006: Cumulative Security Update for Internet Explorer (4013073)
2017-03-14 00:00:00
MS17-009: Security Update for Microsoft Windows PDF Library (4010319)
2017-03-14 00:00:00
openvas
openvas
Microsoft Edge Multiple Vulnerabilities (4013071)
2017-03-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (4013073)
2017-03-15 00:00:00
Microsoft Windows PDF Library Memory Corruption Vulnerability (4010319)
2017-03-15 00:00:00
prion
prion
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
cvelist
cvelist
CVE-2017-0131
2017-03-17 00:00:00
CVE-2017-0132
2017-03-17 00:00:00
CVE-2017-0138
2017-03-17 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-12-05 02:39:58
Remote Code Execution (RCE)
2018-12-05 02:13:54
Remote Code Execution (RCE)
2018-12-05 02:07:53
cve
cve
CVE-2017-0137
2017-03-17 00:59:00
CVE-2017-0015
2017-03-17 00:59:00
CVE-2017-0071
2017-03-17 00:59:00
mskb
mskb
MS17-007: Cumulative security update for Microsoft Edge: March 14, 2017
2017-03-14 00:00:00
March 14, 2017—KB4013198 (OS Build 10586.839)
2017-03-14 07:00:00
March 14, 2017—KB4013429 (OS Build 14393.953)
2017-03-14 07:00:00
kaspersky
kaspersky
KLA10967 Multiple vulnerabilities in Microsoft Browser
2017-03-14 00:00:00
KLA10976 Microsoft Windows PDF Library vulnerability
2017-03-14 00:00:00
threatpost
threatpost
Patch Tuesday Returns; Microsoft Quiet on Postponement
2017-03-14 15:26:24
symantec
symantec
Microsoft Edge CVE-2017-0140 Security Bypass Vulnerability
2017-03-14 00:00:00
Microsoft Edge CVE-2017-0135 Security Bypass Vulnerability
2017-03-14 00:00:00
Microsoft Internet Explorer and Edge CVE-2017-0012 Spoofing Vulnerability
2017-03-14 00:00:00
zdt
zdt
Microsoft Edge Fetch API Arbitrary Header Setting Vulnerability
2017-03-15 00:00:00
Microsoft Edge 38.14393.0.0 - JavaScript Engine Use-After-Free Exploit
2017-03-16 00:00:00
Microsoft Internet Explorer - mshtml.dll Remote Code Execution (MS17-007) Exploit
2017-07-24 00:00:00
seebug
seebug
Microsoft Edge Fetch API allows setting of arbitrary request headers (CVE-2017-0140)
2017-03-15 00:00:00
Microsoft Internet Explorer and Edge Spoofing Vulnerability (CVE-2017-0012)
2017-03-16 00:00:00
Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement (CVE-2017-0037)
2017-02-26 00:00:00
mscve
mscve
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
2017-03-14 07:00:00
Microsoft Browser Spoofing Vulnerability
2017-03-14 07:00:00
Windows PDF Remote Code Execution Vulnerability
2017-03-14 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0141)
2017-03-14 00:00:00
Microsoft Edge Security Feature Bypass (MS17-007: CVE-2017-0140)
2017-03-14 00:00:00
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0133)
2017-03-14 00:00:00
packetstorm
packetstorm
Microsoft Edge Fetch API Arbitrary Header Setting
2017-03-14 00:00:00
Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion
2017-02-24 00:00:00
zdi
zdi
Microsoft Windows JavaScript Spread Operator Stack-based Buffer Overflow Remote Code Execution Vulnerability
2017-03-21 00:00:00
Microsoft Edge CTransitionValues Out-Of-Bounds Read Information Disclosure Vulnerability
2017-03-21 00:00:00
Microsoft Windows JavaScript Spread Operator Uninitialized Memory Information Disclosure Vulnerability
2017-03-21 00:00:00
myhack58
myhack58
CVE-2017-0135 vulnerability analysis: the use of the Edge of the browser XSS filter bypass CSP-vulnerability warning-the black bar safety net
2018-03-19 00:00:00
Type confusion vulnerability instance analysis-vulnerability warning-the black bar safety net
2019-02-21 00:00:00
CVE-2017-0037: the IE11&Edge Type Confusion from the PoC to the half of the Exploit-vulnerability warning-the black bar safety net
2017-03-21 00:00:00
attackerkb
attackerkb
CVE-2017-0037
2017-02-26 00:00:00
cisa_kev
cisa_kev
Microsoft Edge and Internet Explorer Type Confusion Vulnerability
2022-03-28 00:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for KLA10968
nessus3openvas4prion32cvelist32veracode15cve32mskb7kaspersky2threatpost1symantec20zdt3seebug3mscve21checkpoint_advisories13packetstorm2zdi4myhack583attackerkb1cisa_kev1