Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11265
HistoryJun 12, 2018 - 12:00 a.m.

KLA11265 Multiple vulnerabilities in Microsoft Internet Explorer & Edge

2018-06-1200:00:00
Kaspersky Lab
threats.kaspersky.com
54

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.962 High

EPSS

Percentile

99.5%

JSON

Detect date:

06/12/2018

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information.

Affected products:

Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
ChakraCore
Microsoft Edge (EdgeHTML-based)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-8227
CVE-2018-8229
CVE-2018-8236
CVE-2018-8113
CVE-2018-8234
CVE-2018-8249
CVE-2018-8110
CVE-2018-8235
CVE-2018-8267
CVE-2018-0871
CVE-2018-8111
CVE-2018-0978
CVE-2018-8243

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2018-82277.6Critical
CVE-2018-82297.6Critical
CVE-2018-82437.6Critical
CVE-2018-82367.6Critical
CVE-2018-81134.3Warning
CVE-2018-82344.3Warning
CVE-2018-82497.6Critical
CVE-2018-81107.6Critical
CVE-2018-82354.3Warning
CVE-2018-82677.6Critical
CVE-2018-08714.3Warning
CVE-2018-81117.6Critical
CVE-2018-09787.6Critical

Microsoft official advisories:

KB list:

4284860
4284874
4284826
4284835
4284880
4284819
4230450
4284855
4284815
4532693
4532691

Exploitation:

Public exploits exist for this vulnerability.

References

Related

kaspersky 2
prion 13
cve 13
nessus 9
mskb 11
osv 5
veracode 2
github 3
openvas 9
talosblog 1
symantec 13
checkpoint_advisories 8
mscve 13
trendmicroblog 2
jakearchibald 2
zdi 2
krebs 1
packetstorm 1
zdt 1
threatpost 1
thn 1
kaspersky
kaspersky
KLA11264 Multiple vulnerabilities in Microsoft ChakraCore
2018-06-12 00:00:00
KLA11892 Multiple vulnerabilties in Microsoft Products (ESU)
2018-06-12 00:00:00
prion
prion
Remote code execution
2018-06-14 12:29:00
Remote code execution
2018-06-14 12:29:00
Remote code execution
2018-06-14 12:29:00
cve
cve
CVE-2018-8236
2018-06-14 12:29:00
CVE-2018-8110
2018-06-14 12:29:00
CVE-2018-8111
2018-06-14 12:29:00
nessus
nessus
Security Updates for Internet Explorer (June 2018)
2018-06-12 00:00:00
KB4284835: Windows 10 Version 1803 and Windows Server Version 1803 June 2018 Security Update
2018-06-12 00:00:00
KB4284819: Windows 10 Version 1709 and Windows Server Version 1709 June 2018 Security Update
2018-06-12 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: June 12, 2018
2018-06-12 07:00:00
June 12, 2018—KB4284835 (OS Build 17134.112)
2018-06-12 07:00:00
June 12, 2018—KB4284819 (OS Build 16299.492)
2018-06-12 07:00:00
osv
osv
CVE-2018-8229
2018-06-14 12:29:01
ChakraCore RCE Vulnerability
2022-05-13 01:20:43
CVE-2018-8227
2018-06-14 12:29:01
veracode
veracode
Remote Code Execution (RCE)
2018-11-16 02:54:55
Remote Code Execution (RCE)
2018-07-13 02:32:03
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:20:43
ChakraCore RCE Vulnerability
2022-05-13 01:20:43
ChakraCore RCE Vulnerability
2022-05-13 01:20:42
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4284819)
2018-06-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4284874)
2018-06-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4284835)
2018-06-13 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - June 2018
2018-06-12 11:58:00
symantec
symantec
Microsoft ChakraCore Scripting Engine CVE-2018-8243 Remote Memory Corruption Vulnerability
2018-06-12 00:00:00
Microsoft Internet Explorer CVE-2018-8249 Remote Memory Corruption Vulnerability
2018-06-12 00:00:00
Microsoft Chakra Scripting Engine CVE-2018-8227 Remote Memory Corruption Vulnerability
2018-06-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (CVE-2018-8249)
2018-06-12 00:00:00
Microsoft Edge Memory Corruption (CVE-2018-8111)
2018-06-12 00:00:00
Multiple Web Browsers Security Feature Bypass Information Disclosure (CVE-2018-8235)
2018-06-21 00:00:00
mscve
mscve
Internet Explorer Memory Corruption Vulnerability
2018-06-12 07:00:00
Microsoft Edge Memory Corruption Vulnerability
2018-06-12 07:00:00
Internet Explorer Security Feature Bypass Vulnerability
2018-06-12 07:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 11, 2018
2018-06-15 12:39:57
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 9, 2018
2018-04-13 15:37:14
jakearchibald
jakearchibald
I discovered a browser bug
2018-06-20 14:17:41
I discovered a browser bug
2018-06-20 14:17:41
zdi
zdi
Microsoft Chakra Typed Array Use-After-Free Information Disclosure Vulnerability
2018-06-13 00:00:00
(0Day) Microsoft Windows JScript Error Object Use-After-Free Remote Code Execution Vulnerability
2018-05-29 00:00:00
krebs
krebs
Microsoft Patch Tuesday, June 2018 Edition
2018-06-12 21:04:05
packetstorm
packetstorm
Microsoft Edge Chakra JIT SetConcatStrMultiItemBE Type Confusion
2018-07-12 00:00:00
zdt
zdt
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions Exploit
2018-07-12 00:00:00
threatpost
threatpost
June Patch Tuesday: Microsoft Issues Critical Fixes for DNS, Cortana
2018-06-12 21:36:17
thn
thn
Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates
2018-06-12 18:32:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.962 High

EPSS

Percentile

99.5%

JSON
Related for KLA11265
kaspersky2prion13cve13nessus9mskb11osv5veracode2github3openvas9talosblog1symantec13checkpoint_advisories8mscve13trendmicroblog2jakearchibald2zdi2krebs1packetstorm1zdt1threatpost1thn1