Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11209
HistoryMar 13, 2018 - 12:00 a.m.

KLA11209 Multiple vulnerabilities in Microsoft Internet Explorer and Edge

2018-03-1300:00:00
Kaspersky Lab
threats.kaspersky.com
364

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.957 High

EPSS

Percentile

99.4%

JSON

Detect date:

03/13/2018

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.

Affected products:

ChakraCore
Microsoft Edge (EdgeHTML-based)
Internet Explorer 10
Internet Explorer 9
Internet Explorer 11

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-0872
CVE-2018-0873
CVE-2018-0874
CVE-2018-0876
CVE-2018-0879
CVE-2018-0889
CVE-2018-0891
CVE-2018-0893
CVE-2018-0927
CVE-2018-0929
CVE-2018-0930
CVE-2018-0931
CVE-2018-0932
CVE-2018-0933
CVE-2018-0934
CVE-2018-0935
CVE-2018-0936
CVE-2018-0937
CVE-2018-0939
CVE-2018-0942
CVE-2018-0925

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2018-08727.6Critical
CVE-2018-08737.6Critical
CVE-2018-08747.6Critical
CVE-2018-08767.6Critical
CVE-2018-08795.0Warning
CVE-2018-08897.6Critical
CVE-2018-08914.3Warning
CVE-2018-08937.6Critical
CVE-2018-09274.3Warning
CVE-2018-09294.3Warning
CVE-2018-09307.6Critical
CVE-2018-09317.6Critical
CVE-2018-09324.3Warning
CVE-2018-09337.6Critical
CVE-2018-09347.6Critical
CVE-2018-09357.6Critical
CVE-2018-09367.6Critical
CVE-2018-09377.6Critical
CVE-2018-09394.3Warning
CVE-2018-09422.1Warning
CVE-2018-09257.6Critical

Microsoft official advisories:

KB list:

4088782
4088787
4088786
4088779
4089187
4088877
4088875
4088776
4088876
4096040

Exploitation:

Public exploits exist for this vulnerability.

References

Related

prion 21
cve 21
osv 13
veracode 3
github 11
mskb 10
nessus 10
openvas 7
zdt 4
talosblog 1
trendmicroblog 1
symantec 21
mscve 21
checkpoint_advisories 9
packetstorm 3
zdi 2
kaspersky 1
threatpost 1
prion
prion
Memory corruption
2018-03-14 17:29:00
Memory corruption
2018-03-14 17:29:00
Memory corruption
2018-03-14 17:29:00
cve
cve
CVE-2018-0930
2018-03-14 17:29:00
CVE-2018-0874
2018-03-14 17:29:00
CVE-2018-0933
2018-03-14 17:29:00
osv
osv
CVE-2018-0934
2018-03-14 17:29:03
ChakraCore RCE Vulnerability
2022-05-13 01:18:35
ChakraCore RCE Vulnerability
2022-05-13 01:18:35
veracode
veracode
Remote Code Execution (RCE)
2018-12-03 04:14:07
Remote Code Execution (RCE)
2019-07-08 09:22:14
Remote Code Execution (RCE)
2019-07-08 09:22:14
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:18:38
ChakraCore RCE Vulnerability
2022-05-13 01:18:38
ChakraCore RCE Vulnerability
2022-05-13 01:18:35
mskb
mskb
Cumulative security update for Internet Explorer: March 23, 2018
2018-04-06 07:00:00
Cumulative security update for Internet Explorer: March 13, 2018
2018-04-06 07:00:00
March 13, 2018—KB4088776 (OS Build 16299.309)
2018-04-06 07:00:00
nessus
nessus
Security Updates for Internet Explorer (March 2018)
2018-03-13 00:00:00
KB4088776: Windows 10 Version 1709 and Windows Server Version 1709 March 2018 Security Update
2018-03-13 00:00:00
KB4088782: Windows 10 Version 1703 March 2018 Security Update
2018-03-13 00:00:00
openvas
openvas
Microsoft Internet Explorer Memory Corruption And Information Disclosure Vulnerabilities (KB4089187)
2018-03-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4088776)
2018-03-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4088782)
2018-03-14 00:00:00
zdt
zdt
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) Exploit
2018-04-03 00:00:00
Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods Exploit
2018-04-05 00:00:00
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2) Exploit
2018-04-03 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - March 2018
2018-03-13 14:38:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 12, 2018
2018-03-16 15:14:43
symantec
symantec
Microsoft ChakraCore Scripting Engine CVE-2018-0874 Remote Memory Corruption Vulnerability
2018-03-13 00:00:00
Microsoft ChakraCore Scripting Engine CVE-2018-0939 Information Disclosure Vulnerability
2018-03-13 00:00:00
Microsoft ChakraCore Scripting Engine CVE-2018-0925 Remote Memory Corruption Vulnerability
2018-03-13 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2018-03-13 07:00:00
Chakra Scripting Engine Memory Corruption Vulnerability
2018-03-13 07:00:00
Chakra Scripting Engine Memory Corruption Vulnerability
2018-03-13 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-0935)
2018-03-13 00:00:00
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-0934)
2018-03-13 00:00:00
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0893)
2018-03-13 00:00:00
packetstorm
packetstorm
Microsoft Windows jscript Use-After-Free
2018-04-05 00:00:00
Microsoft Edge Charka JIT Incomplete Fix For Issue 1420 #2
2018-04-03 00:00:00
Microsoft Edge Charka JIT Incomplete Fix For Issue 1420
2018-04-03 00:00:00
zdi
zdi
Microsoft Internet Explorer VML textpath Out-Of-Bounds Read Information Disclosure Vulnerability
2018-03-19 00:00:00
Microsoft Windows VBScript Join Function Integer Overflow Remote Code Execution Vulnerability
2018-03-19 00:00:00
kaspersky
kaspersky
KLA11778 Multiple vulnerabilities in Microsoft Products (ESU)
2018-03-13 00:00:00
threatpost
threatpost
Microsoft Patches 15 Critical Bugs in March Patch Tuesday Update
2018-03-13 18:25:37

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.957 High

EPSS

Percentile

99.4%

JSON
Related for KLA11209
prion21cve21osv13veracode3github11mskb10nessus10openvas7zdt4talosblog1trendmicroblog1symantec21mscve21checkpoint_advisories9packetstorm3zdi2kaspersky1threatpost1