Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11557
HistorySep 10, 2019 - 12:00 a.m.

KLA11557 Multiple vulnerabilities in Microsoft Browsers

2019-09-1000:00:00
Kaspersky Lab
threats.kaspersky.com
16

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

91.9%

JSON

Detect date:

09/10/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

ChakraCore
Microsoft Edge (EdgeHTML-based)
Internet Explorer 11
Internet Explorer 9
Internet Explorer 10

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1300
CVE-2019-1299
CVE-2019-1138
CVE-2019-1237
CVE-2019-1217
CVE-2019-1221
CVE-2019-1220
CVE-2019-1236
CVE-2019-1208
CVE-2019-1298

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2019-11387.6Critical
CVE-2019-12987.6Critical
CVE-2019-12377.6Critical
CVE-2019-13007.6Critical
CVE-2019-12177.6Critical
CVE-2019-12994.3Warning
CVE-2019-12217.6Critical
CVE-2019-12204.3Warning
CVE-2019-12367.6Critical
CVE-2019-12087.6Critical

Microsoft official advisories:

KB list:

4516066
4516068
4516065
4515384
4516044
4512578
4516058
4516067
4516055
4516070
4516046

References

Related

veracode 5
osv 10
cve 11
github 5
prion 11
nessus 13
mskb 12
fedora 2
openvas 12
symantec 10
mscve 10
checkpoint_advisories 2
trendmicroblog 1
zdi 1
githubexploit 1
myhack58 1
attackerkb 1
talosblog 1
kaspersky 1
threatpost 1
veracode
veracode
Remote Code Execution
2019-09-12 07:39:59
Remote Code Execution
2019-09-12 07:33:07
Remote Code Execution
2019-09-12 07:45:33
osv
osv
Out-of-bounds write
2021-03-29 20:56:01
CVE-2019-1300
2019-09-11 22:15:18
Out-of-bounds write
2021-03-29 20:56:04
cve
cve
CVE-2019-1298
2019-09-11 22:15:00
CVE-2019-1217
2019-09-11 22:15:00
CVE-2019-1300
2019-09-11 22:15:00
github
github
Out-of-bounds write
2021-03-29 20:56:11
Out-of-bounds write
2021-03-29 20:56:04
Out-of-bounds write
2021-03-29 20:56:08
prion
prion
Remote code execution
2019-09-11 22:15:00
Remote code execution
2019-09-11 22:15:00
Remote code execution
2019-09-11 22:15:00
nessus
nessus
Security Updates for Internet Explorer (September 2019)
2019-09-10 00:00:00
Fedora 30 : pam-u2f (2019-b6d3c8b0a8)
2019-06-20 00:00:00
KB4512578: Windows 10 Version 1809 and Windows Server 2019 September 2019 Security Update
2019-09-10 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: September 10, 2019
2019-09-10 07:00:00
September 10, 2019—KB4515384 (OS Build 18362.356)
2019-09-10 07:00:00
September 10, 2019—KB4512578 (OS Build 17763.737)
2019-09-10 07:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: pam-u2f-1.0.8-1.fc30
2019-06-19 22:46:18
[SECURITY] Fedora 29 Update: pam-u2f-1.0.8-1.fc29
2019-08-13 01:59:34
openvas
openvas
Fedora Update for pam-u2f FEDORA-2019-b6d3c8b0a8
2019-06-20 00:00:00
Fedora Update for pam-u2f FEDORA-2019-cd8f4b9568
2019-08-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4515384)
2019-09-11 00:00:00
symantec
symantec
Microsoft Edge Chakra Scripting Engine CVE-2019-1298 Remote Memory Corruption Vulnerability
2019-09-10 00:00:00
Microsoft Edge Scripting Engine CVE-2019-1299 Information Disclosure Vulnerability
2019-09-10 00:00:00
Microsoft Edge Chakra Scripting Engine CVE-2019-1138 Remote Memory Corruption Vulnerability
2019-09-10 00:00:00
mscve
mscve
Chakra Scripting Engine Memory Corruption Vulnerability
2019-09-10 07:00:00
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
2019-09-10 07:00:00
Chakra Scripting Engine Memory Corruption Vulnerability
2019-09-10 07:00:00
checkpoint_advisories
checkpoint_advisories
VBScript Engine Remote Code Execution (CVE-2019-1208)
2019-09-15 00:00:00
Microsoft Internet Explorer Memory Corruption(CVE-2019-1221)
2020-05-08 00:00:00
trendmicroblog
trendmicroblog
This Week in Security News: IoT Devices Are a Target in Cybercriminal Underground
2019-09-13 13:18:33
zdi
zdi
Microsoft Windows VBScript Array Use-After-Free Remote Code Execution Vulnerability
2019-09-12 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Microsoft
2020-12-18 22:28:11
myhack58
myhack58
From BinDiff to 0day: Internet Explorer UAF vulnerability analysis-vulnerability warning-the black bar safety net
2019-09-17 00:00:00
attackerkb
attackerkb
CVE-2019-1367
2019-09-23 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — Sept. 2019: Vulnerability disclosures and Snort coverage
2019-09-10 12:12:34
kaspersky
kaspersky
KLA11555 Multiple vulnerabilities in Microsoft Products (ESU)
2019-09-10 00:00:00
threatpost
threatpost
Microsoft Addresses Two Zero-Days Under Active Attack
2019-09-10 19:54:07

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

91.9%

JSON
Related for KLA11557
veracode5osv10cve11github5prion11nessus13mskb12fedora2openvas12symantec10mscve10checkpoint_advisories2trendmicroblog1zdi1githubexploit1myhack581attackerkb1talosblog1kaspersky1threatpost1