Lucene search

Kaspersky LabKLA11478

HistoryMay 14, 2019 - 12:00 a.m.

KLA11478 Multiple vulnerabilities in Microsoft Browsers

2019-05-1400:00:00

Kaspersky Lab

threats.kaspersky.com

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.14 Low

EPSS

Percentile

95.6%

JSON

Detect date:

05/14/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, gain privileges, obtain sensitive information.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Internet Explorer 11
Internet Explorer 10
Internet Explorer 9
Microsoft Edge

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-0940
CVE-2019-0937
CVE-2019-0924
CVE-2019-0913
CVE-2019-0921
CVE-2019-0995
CVE-2019-0918
CVE-2019-0923
CVE-2019-0912
CVE-2019-0929
CVE-2019-0925
CVE-2019-0915
CVE-2019-0927
CVE-2019-0933
CVE-2019-0916
CVE-2019-0938
CVE-2019-0926
CVE-2019-0914
CVE-2019-0911
CVE-2019-0884
CVE-2019-0930
CVE-2019-0917
CVE-2019-0922

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

KB list:

4499179
4499181
4499164
4499171
4499167
4494441
4497936
4499151
4494440
4499154
4498206

Microsoft official advisories:

References

support.microsoft.com/kb/4494440

support.microsoft.com/kb/4494441

support.microsoft.com/kb/4497936

support.microsoft.com/kb/4498206

support.microsoft.com/kb/4499151

support.microsoft.com/kb/4499154

support.microsoft.com/kb/4499164

support.microsoft.com/kb/4499167

support.microsoft.com/kb/4499171

support.microsoft.com/kb/4499179

support.microsoft.com/kb/4499181

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0884

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0911

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0912

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0913

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0914

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0915

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0916

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0917

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0918

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0921

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0922

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0923

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0924

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0925

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0926

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0927

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0929

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0930

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0933

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0937

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0938

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0940

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0995

portal.msrc.microsoft.com/en-us/security-guidance

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0884

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0911

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0912

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0913

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0914

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0915

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0916

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0917

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0918

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0921

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0922

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0923

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0924

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0925

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0926

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0927

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0929

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0930

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0933

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0937

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0938

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0940

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0995

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/class/Exploit/

threats.kaspersky.com/en/product/Microsoft-Edge/

threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.14 Low

EPSS

Percentile

95.6%

JSON

Related for KLA11478