Multiple vulnerabilities in Internet Explorer

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer 9 through 11. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface or possibly to cause a denial of service.

Below is a complete list of vulnerabilities:

1. An improper handling of objects in memory done by affected components can be exploited remotely via specially designed content to obtain sensitive information;
2. An improper access to objects in memory in affected Microsoft browsers can be exploited remotely via specially designed websites or specially designed content to gain privileges;
3. A type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll can be exploited remotely via vectors involving a specially designed CSS token sequence and specially designed JavaScript code working with a TH element to execute arbitrary code and possibly to cause a denial of service;
4. An improper parsing of HTTP responses in a Microsoft browser via a specially designed URL or website to spoof content or possibly to trigger another attacks;
5. An incorrect handling of objects in memory done by JScript and VBScript while rendering can be exploited remotely via a specially designed website or Microsoft Office document that hosts the IE engine to execute arbitrary code and gain privileges;
6. An improper handling of objects in memory in the JScript scripting engine can be exploited remotely to obtain sensitive information;
7. An improper enforcement of cross-domain policies can be exploited remotely to gain privileges.

Ursprüngliche Informationshinweise

• MS17-006

• CVE-2017-0065
• CVE-2017-0066
• CVE-2017-0067
• CVE-2017-0068
• CVE-2017-0069
• CVE-2017-0070
• CVE-2017-0071
• CVE-2017-0094
• CVE-2017-0037
• CVE-2017-0131
• CVE-2017-0132
• CVE-2017-0133
• CVE-2017-0134
• CVE-2017-0135
• CVE-2017-0136
• CVE-2017-0137
• CVE-2017-0138
• CVE-2017-0140
• CVE-2017-0141
• CVE-2017-0150
• CVE-2017-0151
• CVE-2017-0009
• CVE-2017-0010
• CVE-2017-0011
• CVE-2017-0012
• CVE-2017-0015
• CVE-2017-0017
• CVE-2017-0023
• CVE-2017-0032
• CVE-2017-0033
• CVE-2017-0034
• CVE-2017-0035
• CVE-2017-0049
• CVE-2017-0059
• CVE-2017-0130
• CVE-2017-0149
• CVE-2017-0154
• CVE-2017-0008
• CVE-2017-0018
• CVE-2017-0040

CVE Liste

• CVE-2017-0065
  critical
• CVE-2017-0066
  critical
• CVE-2017-0067
  critical
• CVE-2017-0068
  critical
• CVE-2017-0069
  critical
• CVE-2017-0070
  critical
• CVE-2017-0071
  critical
• CVE-2017-0094
  critical
• CVE-2017-0037
  critical
• CVE-2017-0131
  critical
• CVE-2017-0132
  critical
• CVE-2017-0133
  critical
• CVE-2017-0134
  critical
• CVE-2017-0135
  critical
• CVE-2017-0136
  critical
• CVE-2017-0137
  critical
• CVE-2017-0138
  critical
• CVE-2017-0140
  critical
• CVE-2017-0141
  critical
• CVE-2017-0150
  critical
• CVE-2017-0151
  critical
• CVE-2017-0009
  critical
• CVE-2017-0010
  critical
• CVE-2017-0011
  critical
• CVE-2017-0012
  critical
• CVE-2017-0015
  critical
• CVE-2017-0017
  critical
• CVE-2017-0023
  critical
• CVE-2017-0032
  critical
• CVE-2017-0033
  critical
• CVE-2017-0034
  critical
• CVE-2017-0035
  critical
• CVE-2017-0049
  critical
• CVE-2017-0059
  critical
• CVE-2017-0130
  critical
• CVE-2017-0149
  critical
• CVE-2017-0154
  critical
• CVE-2017-0008
  critical
• CVE-2017-0018
  critical
• CVE-2017-0040
  critical

KB Liste

• 4025342
• 4012204
• 4012217
• 4012215
• 4012216
• 4012606
• 4013198
• 4013429
• 4025339
• 4025344
• 4025338

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com