Basic search

K
kasperskyKaspersky LabKLA11353
HistoryNov 13, 2018 - 12:00 a.m.

KLA11353 Multiple vulnerabilities in Microsoft Browser

2018-11-1300:00:00
Kaspersky Lab
threats.kaspersky.com
389

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.839 High

EPSS

Percentile

98.4%

Detect date:

11/13/2018

Severity:

Critical

Description:

Multiple serious vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface.

Affected products:

Microsoft Edge
ChakraCore
Internet Explorer 11
Internet Explorer 9
Internet Explorer 10

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-8588
CVE-2018-8557
CVE-2018-8545
CVE-2018-8542
CVE-2018-8556
CVE-2018-8543
CVE-2018-8567
CVE-2018-8564
CVE-2018-8541
CVE-2018-8552
CVE-2018-8570
CVE-2018-8555
CVE-2018-8551

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2018-85887.6Critical
CVE-2018-85577.6Critical
CVE-2018-85454.3Warning
CVE-2018-85427.6Critical
CVE-2018-85567.6Critical
CVE-2018-85437.6Critical
CVE-2018-85675.8High
CVE-2018-85644.3Warning
CVE-2018-85417.6Critical
CVE-2018-85527.6Critical
CVE-2018-85707.6Critical
CVE-2018-85557.6Critical
CVE-2018-85517.6Critical

KB list:

4467680
4467708
4467691
4467702
4467686
4467696
4467701
4467697
4466536
4467107

Microsoft official advisories:

Exploitation:

Public exploits exist for this vulnerability.

References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.839 High

EPSS

Percentile

98.4%