Lucene search

K
kasperskyKaspersky LabKLA11199
HistoryFeb 13, 2018 - 12:00 a.m.

KLA11199 Multiple vulnerabilities in Microsoft Browsers

2018-02-1300:00:00
Kaspersky Lab
threats.kaspersky.com
640

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.953

Percentile

99.4%

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to obtain sensitive information.
  2. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to bypass security restrictions.
  3. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  4. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.

Original advisories

CVE-2018-0763

CVE-2018-0771

CVE-2018-0834

CVE-2018-0835

CVE-2018-0836

CVE-2018-0837

CVE-2018-0838

CVE-2018-0839

CVE-2018-0840

CVE-2018-0856

CVE-2018-0857

CVE-2018-0859

CVE-2018-0860

CVE-2018-0861

CVE-2018-0866

CVE-2018-0858

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-Edge

ChakraCore

CVE list

CVE-2018-0763 warning

CVE-2018-0771 warning

CVE-2018-0834 critical

CVE-2018-0835 critical

CVE-2018-0836 critical

CVE-2018-0837 critical

CVE-2018-0838 critical

CVE-2018-0839 warning

CVE-2018-0840 critical

CVE-2018-0856 critical

CVE-2018-0857 critical

CVE-2018-0859 critical

CVE-2018-0860 critical

CVE-2018-0861 critical

CVE-2018-0866 critical

CVE-2018-0858 critical

KB list

4074591

4074590

4088776

4074598

4074594

4074593

4074596

4074592

4074588

4074736

4530684

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Internet Explorer 10Microsoft Edge (EdgeHTML-based)ChakraCoreInternet Explorer 11Internet Explorer 9

References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.953

Percentile

99.4%