KLA11858 Multiple vulnerabilities in Microsoft Browser

2020-07-14 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 7.6 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.4 High
Confidence: Low

EPSS: 0.194 Low
Percentile: 96.3%

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Skype for Business via Microsoft Edge (EdgeHTML-based) can be exploited remotely via specially crafted to obtain sensitive information.
  2. An information disclosure vulnerability in Skype for Business via Internet Explorer can be exploited remotely via specially crafted to obtain sensitive information.
  3. An information disclosure vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to obtain sensitive information.
  4. A remote code execution vulnerability in VBScript can be exploited remotely via a specially crafted website to execute arbitrary code.

Original advisories

CVE-2020-1462

CVE-2020-1432

CVE-2020-1433

CVE-2020-1403

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Internet-Explorer

Microsoft-Edge

CVE list

CVE-2020-1462 warning

CVE-2020-1432 warning

CVE-2020-1433 warning

CVE-2020-1403 critical

KB list

4565541

4565524

4558998

4565489

4565479

4565483

4565508

4565511

4565513

4565537

4565503

Solution

Install the necessary updates from the KB list that are offered in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE

Arbitrary code execution. Exploiting vulnerabilities with this impact can let an attacker execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploiting vulnerabilities with this impact can let an attacker capture information that is critical to the user or the system.

Affected Products

  • Internet Explorer 9
  • Internet Explorer 11
  • Microsoft Edge (EdgeHTML-based)
