Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11058
HistoryApr 11, 2017 - 12:00 a.m.

KLA11058 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

2017-04-1100:00:00
Kaspersky Lab
threats.kaspersky.com
34

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.893 High

EPSS

Percentile

98.7%

JSON

Detect date:

04/11/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to to gain privileges, execute arbitrary code, bypass security restrictions and obtain sensitive information.

Affected products:

Microsoft Edge
Microsoft Internet Explorer versions 9 through 11

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-0205
CVE-2017-0203
CVE-2017-0202
CVE-2017-0201
CVE-2017-0200
CVE-2017-0093
CVE-2017-0208
CVE-2017-0210
CVE-2017-0093
CVE-2017-0200
CVE-2017-0201
CVE-2017-0202
CVE-2017-0203
CVE-2017-0205
CVE-2017-0208
CVE-2017-0210

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2017-00937.6Critical
CVE-2017-02007.6Critical
CVE-2017-02017.6Critical
CVE-2017-02027.6Critical
CVE-2017-02034.3Warning
CVE-2017-02057.6Critical
CVE-2017-02084.3Warning
CVE-2017-02104.3Warning

Microsoft official advisories:

KB list:

4015549
4015550
4015221
4014661
4015551
4015219
4015217
4015583

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 7
mskb 8
qualysblog 1
veracode 2
prion 8
cve 8
threatpost 1
checkpoint_advisories 7
symantec 8
mscve 8
osv 1
packetstorm 1
zdt 1
github 1
openvas 8
attackerkb 1
cisa_kev 1
thn 1
kaspersky 1
nessus
nessus
Security Updates for Internet Explorer (April 2017)
2017-11-30 00:00:00
KB4015219: Windows 10 Version 1511 April 2017 Cumulative Update
2017-04-11 00:00:00
KB4015583: Windows 10 Version 1703 April 2017 Cumulative Update
2017-04-11 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: April 11, 2017
2017-04-11 07:00:00
April 11, 2017—KB4015217 (OS Build 14393.1066 and 14393.1083)
2017-04-11 07:00:00
April 11, 2017—KB4015583 (OS Build 15063.138)
2017-04-11 07:00:00
qualysblog
qualysblog
Microsoft Fixes 45 Vulnerabilities with new Security Update Guide – says goodbye to Security Bulletins
2017-04-11 18:24:03
veracode
veracode
Remote Code Execution (RCE)
2018-12-04 14:43:04
Remote Code Execution (RCE)
2018-12-04 14:46:41
prion
prion
Remote code execution
2017-04-12 14:59:00
Remote code execution
2017-04-12 14:59:00
Remote code execution
2017-04-12 14:59:00
cve
cve
CVE-2017-0093
2017-04-12 14:59:00
CVE-2017-0201
2017-04-12 14:59:00
CVE-2017-0200
2017-04-12 14:59:00
threatpost
threatpost
Microsoft Patches Three Vulnerabilities Under Attack
2017-04-11 18:19:52
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Memory Corruption (CVE-2017-0200)
2017-04-11 00:00:00
Microsoft Internet Explorer Memory Corruption (CVE-2017-0202)
2017-04-11 00:00:00
Microsoft Edge Scripting Engine Information Disclosure (CVE-2017-0208)
2017-04-11 00:00:00
symantec
symantec
Microsoft Edge CVE-2017-0200 Scripting Engine Remote Memory Corruption Vulnerability
2017-04-11 00:00:00
Microsoft Edge CVE-2017-0208 Scripting Engine Information Disclosure Vulnerability
2017-04-11 00:00:00
Microsoft Internet Explorer CVE-2017-0202 Remote Memory Corruption Vulnerability
2017-04-11 00:00:00
mscve
mscve
Microsoft Edge Memory Corruption Vulnerability
2017-04-11 07:00:00
Scripting Engine Information Disclosure Vulnerability
2017-04-11 07:00:00
CVE-2017-0203
2017-04-11 07:00:00
osv
osv
ChakraCore information disclosure vulnerability
2022-05-17 02:32:54
packetstorm
packetstorm
Microsoft Internet Explorer CStyleSheetArray::BuildListOfMatchedRules Memory Corruption
2017-04-27 00:00:00
zdt
zdt
Microsoft Internet Explorer 11.576.14393.0 - CStyleSheetArray::BuildListOfMatchedRules Memory Corrup
2017-04-27 00:00:00
github
github
ChakraCore information disclosure vulnerability
2022-05-17 02:32:54
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (KB4014661)
2017-03-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4015217)
2017-04-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4015583)
2017-04-12 00:00:00
attackerkb
attackerkb
CVE-2017-0210
2017-04-12 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Privilege Escalation Vulnerability
2022-05-24 00:00:00
thn
thn
Microsoft Issues Patches for Actively Exploited Critical Vulnerabilities
2017-04-11 23:22:00
kaspersky
kaspersky
KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)
2017-04-11 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.893 High

EPSS

Percentile

98.7%

JSON
Related for KLA11058
nessus7mskb8qualysblog1veracode2prion8cve8threatpost1checkpoint_advisories7symantec8mscve8osv1packetstorm1zdt1github1openvas8attackerkb1cisa_kev1thn1kaspersky1