Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11199
HistoryFeb 13, 2018 - 12:00 a.m.

KLA11199 Multiple vulnerabilities in Microsoft Browsers

2018-02-1300:00:00
Kaspersky Lab
threats.kaspersky.com
638

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.954 High

EPSS

Percentile

99.3%

JSON

Detect date:

02/13/2018

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code.

Affected products:

Internet Explorer 10
Microsoft Edge (EdgeHTML-based)
ChakraCore
Internet Explorer 11
Internet Explorer 9

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-0763
CVE-2018-0771
CVE-2018-0834
CVE-2018-0835
CVE-2018-0836
CVE-2018-0837
CVE-2018-0838
CVE-2018-0839
CVE-2018-0840
CVE-2018-0856
CVE-2018-0857
CVE-2018-0859
CVE-2018-0860
CVE-2018-0861
CVE-2018-0866
CVE-2018-0858

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2018-07632.6Warning
CVE-2018-07714.3Warning
CVE-2018-08349.3Critical
CVE-2018-08357.6Critical
CVE-2018-08367.6Critical
CVE-2018-08377.6Critical
CVE-2018-08387.6Critical
CVE-2018-08394.3Warning
CVE-2018-08409.3Critical
CVE-2018-08567.6Critical
CVE-2018-08577.6Critical
CVE-2018-08597.6Critical
CVE-2018-08607.6Critical
CVE-2018-08619.3Critical
CVE-2018-08669.3Critical
CVE-2018-08589.3Critical

Microsoft official advisories:

KB list:

4074591
4074590
4088776
4074598
4074594
4074593
4074596
4074592
4074588
4074736
4530684

Exploitation:

Public exploits exist for this vulnerability.

References

Related

prion 16
veracode 12
osv 10
cve 16
github 10
mskb 11
openvas 10
nessus 9
thn 1
trendmicroblog 1
talosblog 1
symantec 16
mscve 16
checkpoint_advisories 8
zdi 8
zdt 7
packetstorm 5
seebug 2
ics 1
threatpost 1
kaspersky 1
prion
prion
Memory corruption
2018-02-15 02:29:00
Memory corruption
2018-02-15 02:29:00
Memory corruption
2018-02-15 02:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-12-04 12:59:47
Remote Code Execution (RCE)
2018-12-04 12:29:39
Remote Code Execution (RCE)
2018-12-04 13:06:24
osv
osv
ChakraCore RCE Vulnerability
2022-05-13 01:18:32
ChakraCore RCE Vulnerability
2022-05-13 01:18:33
ChakraCore RCE Vulnerability
2022-05-13 01:18:32
cve
cve
CVE-2018-0858
2018-02-15 02:29:00
CVE-2018-0860
2018-02-15 02:29:00
CVE-2018-0856
2018-02-15 02:29:00
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:18:34
ChakraCore RCE Vulnerability
2022-05-13 01:18:32
ChakraCore RCE Vulnerability
2022-05-13 01:18:34
mskb
mskb
February 13, 2018โ€”KB4074592 (OS Build 15063.909)
2018-02-13 08:00:00
Cumulative security update for Internet Explorer: February 13, 2018
2018-02-13 08:00:00
February 13, 2018โ€”KB4074590 (OS Build 14393.2068)
2018-02-13 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4074592)
2018-02-14 00:00:00
Microsoft Windows Internet Explorer Multiple RCE Vulnerabilities (KB4074736)
2018-02-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4074590)
2018-02-14 00:00:00
nessus
nessus
KB4074592: Windows 10 Version 1703 February 2018 Security Update (Meltdown)(Spectre)
2018-02-13 00:00:00
Security Updates for Internet Explorer (February 2018)
2018-02-13 00:00:00
KB4074588: Windows 10 Version 1709 and Windows Server Version 1709 February 2018 Security Update
2018-02-13 00:00:00
thn
thn
Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities
2018-02-14 08:28:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage โ€“ Week of February 12, 2018
2018-02-16 13:00:28
talosblog
talosblog
Microsoft Patch Tuesday - February 2018
2018-02-13 13:26:00
symantec
symantec
Microsoft Edge Scripting Engine CVE-2018-0857 Remote Memory Corruption Vulnerability
2018-02-13 00:00:00
Microsoft Edge CVE-2018-0839 Information Disclosure Vulnerability
2018-02-13 00:00:00
Microsoft ChakraCore Scripting Engine CVE-2018-0858 Remote Memory Corruption Vulnerability
2018-02-13 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2018-02-13 08:00:00
Scripting Engine Memory Corruption Vulnerability
2018-02-13 08:00:00
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
2018-02-13 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Scripting Engine Memory Corruption (CVE-2018-0858)
2018-02-13 00:00:00
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0835)
2018-02-13 00:00:00
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0834)
2018-02-13 00:00:00
zdi
zdi
Microsoft Edge CSS Background Property Type Confusion Remote Code Execution Vulnerability
2018-06-13 00:00:00
Microsoft Edge Select Element Out-Of-Bounds Read Information Disclosure Vulnerability
2018-02-21 00:00:00
Microsoft Edge CSS var Function Uninitialized Pointer Remote Code Execution Vulnerability
2018-04-25 00:00:00
zdt
zdt
Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion Exploit
2018-02-15 00:00:00
Microsoft Edge Chakra JIT - Memory Corruption Exploit
2018-02-15 00:00:00
Microsoft Internet Explorer 11 - Js::RegexHelper::RegexReplace Use-After-Free Exploit
2018-02-20 00:00:00
packetstorm
packetstorm
Microsoft Edge Chakra JIT Escape Analysis Bug
2018-02-15 00:00:00
Microsoft Edge Chakra JIT LdThis Type Confusion
2018-02-15 00:00:00
Microsoft Edge Chakra JIT Array.prototype.reverse Array Type Confusion
2018-02-15 00:00:00
seebug
seebug
IE11: Use-after-free in Js::RegexHelper::RegexReplace(CVE-2018-0866)
2018-02-24 00:00:00
IE11: Use-after-free in String.lastIndexOf(CVE-2018-0866)
2018-02-24 00:00:00
ics
ics
PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client
2018-07-17 12:00:00
threatpost
threatpost
Two Nasty Outlook Bugs Fixed in Microsoftโ€™s Feb. Patch Tuesday Update
2018-02-13 17:01:19
kaspersky
kaspersky
KLA11200 Multiple vulnerabilties in Microsoft Products (ESU)
2018-02-13 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.954 High

EPSS

Percentile

99.3%

JSON
Related for KLA11199
prion16veracode12osv10cve16github10mskb11openvas10nessus9thn1trendmicroblog1talosblog1symantec16mscve16checkpoint_advisories8zdi8zdt7packetstorm5seebug2ics1threatpost1kaspersky1