Lucene search

K
kasperskyKaspersky LabKLA11578
HistoryOct 08, 2019 - 12:00 a.m.

KLA11578 Multiple vulnerabilities in Microsoft Browsers

2019-10-0800:00:00
Kaspersky Lab
threats.kaspersky.com
13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.8%

Detect date:

10/08/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

ChakraCore
Internet Explorer 10
Microsoft Edge (EdgeHTML-based)
Internet Explorer 11
Internet Explorer 9

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1356
CVE-2019-1357
CVE-2019-1239
CVE-2019-1366
CVE-2019-1308
CVE-2019-1371
CVE-2019-1238
CVE-2019-1307
CVE-2019-1335
CVE-2019-0608

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2019-13667.6Critical
CVE-2019-13087.6Critical
CVE-2019-13077.6Critical
CVE-2019-13357.6Critical
CVE-2019-13564.3Warning
CVE-2019-13574.3Warning
CVE-2019-12397.6Critical
CVE-2019-13717.6Critical
CVE-2019-12387.1High
CVE-2019-06084.3Warning

KB list:

4520010
4520008
4520007
4519998
4520005
4517389
4519338
4520011
4520004
4519976
4519974

Microsoft official advisories:

References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.8%