Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11247
HistoryMay 08, 2018 - 12:00 a.m.

KLA11247 Multiple vulnerabilities in Microsoft Browsers

2018-05-0800:00:00
Kaspersky Lab
threats.kaspersky.com
60

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.961 High

EPSS

Percentile

99.5%

JSON

Detect date:

05/08/2018

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions.

Affected products:

Internet Explorer 11
Microsoft Edge (EdgeHTML-based)
Internet Explorer 9
Internet Explorer 10
ChakraCore

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-0943
CVE-2018-0945
CVE-2018-0946
CVE-2018-0951
CVE-2018-0953
CVE-2018-0954
CVE-2018-1021
CVE-2018-8123
CVE-2018-1022
CVE-2018-8130
CVE-2018-8178
CVE-2018-8128
CVE-2018-8133
CVE-2018-8114
CVE-2018-0955
CVE-2018-8139
CVE-2018-1025
CVE-2018-8112
CVE-2018-8145
CVE-2018-8126
CVE-2018-8137
CVE-2018-8122
CVE-2018-8179
CVE-2018-8177

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2018-09437.6Critical
CVE-2018-09457.6Critical
CVE-2018-09467.6Critical
CVE-2018-09517.6Critical
CVE-2018-09537.6Critical
CVE-2018-09547.6Critical
CVE-2018-10214.3Warning
CVE-2018-81234.3Warning
CVE-2018-10227.6Critical
CVE-2018-81307.6Critical
CVE-2018-81787.6Critical
CVE-2018-81287.6Critical
CVE-2018-81337.6Critical
CVE-2018-81147.6Critical
CVE-2018-09557.6Critical
CVE-2018-81397.6Critical
CVE-2018-10254.3Warning
CVE-2018-81124.3Warning
CVE-2018-81457.6Critical
CVE-2018-81266.8High
CVE-2018-81377.6Critical
CVE-2018-81227.6Critical
CVE-2018-81797.6Critical
CVE-2018-81777.6Critical

Microsoft official advisories:

KB list:

4103723
4103716
4103731
4103721
4103730
4103718
4103727
4103725
4103768

Exploitation:

Public exploits exist for this vulnerability.

References

Related

prion 23
osv 25
veracode 14
cve 24
github 11
nessus 8
mskb 8
openvas 7
trendmicroblog 1
talosblog 1
checkpoint_advisories 13
symantec 22
mscve 24
zdi 8
zdt 4
packetstorm 3
srcincite 1
seebug 2
prion
prion
Remote code execution
2018-05-09 19:29:00
Remote code execution
2018-05-09 19:29:00
Remote code execution
2018-05-09 19:29:00
osv
osv
CVE-2018-8139
2018-05-09 19:29:01
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
CVE-2018-1022
2018-05-09 19:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-06-28 06:50:17
Remote Code Execution (RCE)
2018-06-28 07:40:56
Remote Code Execution (RCE)
2018-06-29 04:40:18
cve
cve
CVE-2018-0953
2018-05-09 19:29:00
CVE-2018-0946
2018-05-09 19:29:00
CVE-2018-8114
2018-05-09 19:29:00
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
ChakraCore RCE Vulnerability
2022-05-13 01:18:49
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
nessus
nessus
Security Updates for Internet Explorer (May 2018)
2018-05-08 00:00:00
KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update
2018-05-08 00:00:00
KB4103727: Windows 10 Version 1709 and Windows Server Version 1709 May 2018 Security Update
2018-05-08 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: May 08, 2018
2018-05-08 07:00:00
May 8, 2018—KB4103721 (OS Build 17134.48)
2018-05-08 07:00:00
May 8, 2018—KB4103727 (OS Build 16299.431)
2018-05-08 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4103721)
2018-05-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4103727)
2018-05-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4103723)
2018-05-09 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018
2018-05-11 15:37:20
talosblog
talosblog
Microsoft Patch Tuesday - May 2018
2018-05-08 12:02:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Memory Corruption (CVE-2018-8179)
2018-05-08 00:00:00
Microsoft Edge Memory Corruption (CVE-2018-8123)
2018-05-08 00:00:00
Microsoft Edge and Internet Explorer Chakra Out of Bounds Read (CVE-2018-8145)
2018-07-12 00:00:00
symantec
symantec
Microsoft Edge CVE-2018-8123 Remote Memory Corruption Vulnerability
2018-05-08 00:00:00
Microsoft Internet Explorer and Edge CVE-2018-8178 Remote Memory Corruption Vulnerability
2018-05-08 00:00:00
Microsoft ChakraCore Scripting Engine CVE-2018-8145 Remote Memory Corruption Vulnerability
2018-05-08 00:00:00
mscve
mscve
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
2018-05-08 07:00:00
Microsoft Browser Memory Corruption Vulnerability
2018-05-08 07:00:00
Microsoft Edge Memory Corruption Vulnerability
2018-05-08 07:00:00
zdi
zdi
Microsoft Edge OutputElement DoReset Use-After-Free Information Disclosure Vulnerability
2018-05-14 00:00:00
(Pwn2Own) Microsoft Edge WebRTC Parameters Use-After-Free Remote Code Execution Vulnerability
2018-06-08 00:00:00
Microsoft Edge XML File Sandbox Escape Vulnerability
2018-05-14 00:00:00
zdt
zdt
Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes Exploit
2018-07-12 00:00:00
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read Exploit
2018-07-12 00:00:00
Microsoft Edge Chakra EntrySimpleObjectSlotGetter Type Confusion Exploit
2018-05-31 00:00:00
packetstorm
packetstorm
Microsoft Edge Chakra JIT Out-Of-Bounds Reads/Writes
2018-07-12 00:00:00
Microsoft Edge Chakra JIT BoundFunction::NewInstance Bug
2018-07-12 00:00:00
Microsoft Edge Chakra EntrySimpleObjectSlotGetter Type Confusion
2018-05-31 00:00:00
srcincite
srcincite
SRC-2018-0025 : Microsoft Edge Undo Out-Of-Bounds Read Information Disclosure Vulnerability
2018-04-27 00:00:00
seebug
seebug
Microsoft Edge: Chakra: EntrySimpleObjectSlotGetter can have side effects(CVE-2018-8133)
2018-06-08 00:00:00
Microsoft Edge: Chakra: Cross context bug(CVE-2018-0946)
2018-06-08 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.961 High

EPSS

Percentile

99.5%

JSON
Related for KLA11247
prion23osv25veracode14cve24github11nessus8mskb8openvas7trendmicroblog1talosblog1checkpoint_advisories13symantec22mscve24zdi8zdt4packetstorm3srcincite1seebug2