Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11222
HistoryApr 10, 2018 - 12:00 a.m.

KLA11222 Multiple vulnerabilities in Microsoft Browsers

2018-04-1000:00:00
Kaspersky Lab
threats.kaspersky.com
57

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.5%

JSON

Detect date:

04/10/2018

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Affected products:

Microsoft Edge (EdgeHTML-based)
Internet Explorer 9
Internet Explorer 10
ChakraCore
Internet Explorer 11

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-0981
CVE-2018-0994
CVE-2018-0997
CVE-2018-0990
CVE-2018-1023
CVE-2018-1000
CVE-2018-0892
CVE-2018-1001
CVE-2018-1019
CVE-2018-1018
CVE-2018-0998
CVE-2018-1020
CVE-2018-0988
CVE-2018-0979
CVE-2018-0980
CVE-2018-0987
CVE-2018-0995
CVE-2018-0989
CVE-2018-0870
CVE-2018-0991
CVE-2018-0993
CVE-2018-0996

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2018-09812.6Warning
CVE-2018-09947.6Critical
CVE-2018-09977.6Critical
CVE-2018-09907.6Critical
CVE-2018-10237.6Critical
CVE-2018-10002.6Warning
CVE-2018-08924.3Warning
CVE-2018-10017.6Critical
CVE-2018-10197.6Critical
CVE-2018-10187.6Critical
CVE-2018-09984.3Warning
CVE-2018-10207.6Critical
CVE-2018-09887.6Critical
CVE-2018-09797.6Critical
CVE-2018-09807.6Critical
CVE-2018-09874.3Warning
CVE-2018-09957.6Critical
CVE-2018-09894.3Warning
CVE-2018-08707.6Critical
CVE-2018-09917.6Critical
CVE-2018-09937.6Critical
CVE-2018-09967.6Critical

Microsoft official advisories:

KB list:

4093112
4093114
4093111
4093107
4093109
4093119
4093118
4093123
4092946

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 19
mskb 9
prion 22
osv 8
cve 22
github 7
veracode 2
openvas 8
talosblog 1
trendmicroblog 1
symantec 21
mscve 22
zdi 7
kaspersky 1
checkpoint_advisories 14
zdt 1
packetstorm 1
fedora 3
nessus
nessus
Security Updates for Internet Explorer (April 2018)
2018-04-10 00:00:00
KB4093109: Windows 10 Version 1511 April 2018 Security Update
2018-04-10 00:00:00
KB4093107: Windows 10 Version 1703 April 2018 Security Update
2018-04-10 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: April 10, 2018
2018-04-10 07:00:00
April 10, 2018—KB4093109 (OS Build 10586.1540)
2018-04-10 07:00:00
April 10, 2018—KB4093119 (OS Build 14393.2189)
2018-05-08 07:00:00
prion
prion
Remote code execution
2018-04-12 01:29:00
Remote code execution
2018-04-12 01:29:00
Remote code execution
2018-04-12 01:29:00
osv
osv
CVE-2018-0980
2018-04-12 01:29:07
ChakraCore RCE Vulnerability
2022-05-13 01:18:49
ChakraCore RCE Vulnerability
2022-05-13 01:18:42
cve
cve
CVE-2018-0994
2018-04-12 01:29:00
CVE-2018-0980
2018-04-12 01:29:00
CVE-2018-1019
2018-04-12 01:29:00
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:18:42
ChakraCore RCE Vulnerability
2022-05-13 01:18:42
ChakraCore RCE Vulnerability
2022-05-13 01:18:49
veracode
veracode
Remote Code Execution (RCE)
2018-12-03 05:09:38
Remote Code Execution (RCE)
2019-07-08 09:28:48
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4093109)
2018-04-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4093111)
2018-04-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4093107)
2018-04-11 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - April 2018
2018-04-10 13:13:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 9, 2018
2018-04-13 15:37:14
symantec
symantec
Microsoft Edge CVE-2018-0892 Information Disclosure Vulnerability
2018-04-10 00:00:00
Microsoft Edge CVE-2018-0998 Information Disclosure Vulnerability
2018-04-10 00:00:00
Microsoft ChakraCore Scripting Engine CVE-2018-0979 Remote Memory Corruption Vulnerability
2018-04-10 00:00:00
mscve
mscve
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
2018-04-10 07:00:00
Microsoft Browser Memory Corruption Vulnerability
2018-04-10 07:00:00
Microsoft Edge PDF Information Disclosure Vulnerability
2018-04-10 07:00:00
zdi
zdi
Microsoft Windows JScript defineProperty Use-After-Free Information Disclosure Vulnerability
2018-04-11 00:00:00
Microsoft Chakra Array.splice Use-After-Free Remote Code Execution Vulnerability
2018-09-19 00:00:00
Microsoft Windows JScript String Manipulation Integer Overflow Remote Code Execution Vulnerability
2018-04-11 00:00:00
kaspersky
kaspersky
KLA11896 Multiple vulnerabilities in Microsoft Products (ESU)
2018-04-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Information Disclosure (CVE-2018-0998)
2018-04-10 00:00:00
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-1001)
2018-04-10 00:00:00
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-0990)
2018-04-10 00:00:00
zdt
zdt
Microsoft Edge Chakra JIT - Bound Check Elimination Bug Exploit
2018-05-18 00:00:00
packetstorm
packetstorm
Microsoft Edge Chakra JIT Bounce Check Elimination Bug
2018-05-18 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: godot-3.0.6-1.fc28
2018-08-31 21:17:31
[SECURITY] Fedora 27 Update: godot-3.0.6-1.fc27
2018-09-11 14:56:38
[SECURITY] Fedora 29 Update: godot-3.0.6-1.fc29
2018-09-21 05:38:36

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.5%

JSON
Related for KLA11222
nessus19mskb9prion22osv8cve22github7veracode2openvas8talosblog1trendmicroblog1symantec21mscve22zdi7kaspersky1checkpoint_advisories14zdt1packetstorm1fedora3