Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11431
HistoryMar 12, 2019 - 12:00 a.m.

KLA11431 Multiple vulnerabilities in Microsoft Browsers

2019-03-1200:00:00
Kaspersky Lab
threats.kaspersky.com
21

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON

Microsoft official advisories:

KB list:

4489881
4489891
4489878
4489886
4489899
4489871
4489868
4489872
4489882
4489873

Detect date:

03/12/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges, obtain sensitive information.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft Edge
ChakraCore
Internet Explorer 11
Internet Explorer 10
Internet Explorer 9

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-0773
CVE-2019-0763
CVE-2019-0783
CVE-2019-0780
CVE-2019-0667
CVE-2019-0762
CVE-2019-0761
CVE-2019-0769
CVE-2019-0768
CVE-2019-0592
CVE-2019-0680
CVE-2019-0770
CVE-2019-0678
CVE-2019-0771
CVE-2019-0779
CVE-2019-0746
CVE-2019-0666
CVE-2019-0639
CVE-2019-0665
CVE-2019-0612
CVE-2019-0609
CVE-2019-0611

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2019-07737.6Critical
CVE-2019-07637.6Critical
CVE-2019-07837.6Critical
CVE-2019-07807.6Critical
CVE-2019-06677.6Critical
CVE-2019-07624.3Warning
CVE-2019-07614.3Warning
CVE-2019-07697.6Critical
CVE-2019-07684.3Warning
CVE-2019-05927.6Critical
CVE-2019-06807.6Critical
CVE-2019-07707.6Critical
CVE-2019-06784.0Warning
CVE-2019-07717.6Critical
CVE-2019-07797.6Critical
CVE-2019-07464.3Warning
CVE-2019-06667.6Critical
CVE-2019-06397.6Critical
CVE-2019-06657.6Critical
CVE-2019-06122.6Warning
CVE-2019-06097.6Critical
CVE-2019-06117.6Critical

References

Related

nessus 9
mskb 11
prion 23
osv 15
github 8
cve 23
openvas 8
talosblog 1
zdt 4
symantec 22
checkpoint_advisories 14
githubexploit 3
mscve 22
zdi 5
veracode 8
exploitpack 1
packetstorm 1
exploitdb 1
kaspersky 1
threatpost 1
nessus
nessus
Security Updates for Internet Explorer (March 2019)
2019-03-12 00:00:00
KB4489871: Windows 10 Version 1703 March 2019 Security Update
2019-03-12 00:00:00
KB4489899: Windows 10 Version 1809 and Windows Server 2019 March 2019 Security Update
2019-03-12 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: March 12, 2019
2019-03-12 07:00:00
March 12, 2019—KB4489871 (OS Build 15063.1689)
2019-03-12 07:00:00
March 12, 2019—KB4489886 (OS Build 16299.1029)
2019-03-12 07:00:00
prion
prion
Remote code execution
2019-04-09 03:29:00
Remote code execution
2019-04-09 03:29:00
Remote code execution
2019-04-09 03:29:00
osv
osv
CVE-2019-0771
2019-04-09 03:29:00
CVE-2019-0773
2019-04-09 03:29:00
CVE-2019-0769
2019-04-09 02:29:00
github
github
High severity vulnerability that affects Microsoft.ChakraCore
2019-04-09 19:43:29
High severity vulnerability that affects Microsoft.ChakraCore
2019-04-09 19:44:03
High severity vulnerability that affects Microsoft.ChakraCore
2019-04-09 19:43:59
cve
cve
CVE-2019-0609
2019-04-08 23:29:00
CVE-2019-0769
2019-04-09 02:29:00
CVE-2019-0773
2019-04-09 03:29:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4489871)
2019-03-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4489886)
2019-03-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4489868)
2019-03-13 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — March 2019: Vulnerability disclosures and Snort coverage
2019-03-12 11:00:00
zdt
zdt
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject Exploit
2019-03-19 00:00:00
Microsoft VBScript - VbsErase Memory Corruption Exploit
2019-03-19 00:00:00
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML Exploit
2019-03-19 00:00:00
symantec
symantec
Microsoft Edge CVE-2019-0678 Remote Privilege Escalation Vulnerability
2019-03-12 00:00:00
Microsoft Edge CVE-2019-0612 Security Bypass Vulnerability
2019-03-12 00:00:00
Microsoft Internet Explorer Scripting Engine CVE-2019-0680 Remote Memory Corruption Vulnerability
2019-03-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Security Feature Bypass (CVE-2019-0612)
2019-03-12 00:00:00
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2019-0680)
2019-03-12 00:00:00
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2019-0665)
2019-03-12 00:00:00
githubexploit
githubexploit
Exploit for Incorrect Authorization in Microsoft
2019-07-19 11:55:32
Exploit for Out-of-bounds Write in Microsoft
2020-12-18 22:28:11
Exploit for Out-of-bounds Write in Microsoft
2019-05-23 10:28:40
mscve
mscve
Microsoft Edge Security Feature Bypass Vulnerability
2019-03-12 07:00:00
Microsoft Edge Elevation of Privilege Vulnerability
2019-03-12 07:00:00
Scripting Engine Memory Corruption Vulnerability
2019-03-12 07:00:00
zdi
zdi
Microsoft Internet Explorer Attr nodeValue Use-After-Free Remote Code Execution Vulnerability
2019-03-12 00:00:00
Microsoft Internet Explorer event Use-After-Free Remote Code Execution Vulnerability
2019-03-12 00:00:00
Microsoft Internet Explorer CustomEvent Use-After-Free Remote Code Execution Vulnerability
2019-03-12 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-03-15 05:15:09
Remote Code Execution (RCE)
2019-07-08 09:28:48
Remote Code Execution (RCE)
2019-07-08 14:00:42
exploitpack
exploitpack
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
2019-05-24 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer Windows 10 1809 17763.316 Memory Corruption
2019-05-24 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
2019-05-24 00:00:00
kaspersky
kaspersky
KLA11876 Multiple vulnerabiltiies in Microsoft Products (ESU)
2019-03-12 00:00:00
threatpost
threatpost
Microsoft Patches Two Win32k Bugs Under Active Attack
2019-03-12 21:52:31

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON
Related for KLA11431
nessus9mskb11prion23osv15github8cve23openvas8talosblog1zdt4symantec22checkpoint_advisories14githubexploit3mscve22zdi5veracode8exploitpack1packetstorm1exploitdb1kaspersky1threatpost1