Multiple vulnerabilities in Microsoft Edge

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information and bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An incorrect handling of objects in memory done by JScript and VBScript while rendering can be exploited remotely via a specially designed website or Microsoft Office document that hosts the IE engine to execute arbitrary code and gain privileges;
2. An improper handling of objects in memory done by affected components can be exploited remotely via specially designed content to obtain sensitive information;
3. An inaccurate parsing of HTTP responses can be exploited remotely via a specially designed website to spoof content or trigger another attack in web services;
4. A type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll can be exploited remotely via vectors involving a specially designed CSS token sequence and specially designed JavaScript code working with a TH element to execute arbitrary code and possibly to cause a denial of service;
5. An improper handling of objects in memory done by Microsoft Windows PDF can be exploited remotely via a specially designed website with malicious PDF content to execute arbitrary code;
6. A failure in applying Same Origin Policy for HTML elements present in the other browser windows can be exploited remotely via a specially designed webpage or website to bypass security restrictions;
7. An improper access to the objects in memorry can be exploited remotely via a specially designed website to execute arbitrary code.

Ursprüngliche Informationshinweise

• MS17-007

• CVE-2017-0065
• CVE-2017-0066
• CVE-2017-0067
• CVE-2017-0068
• CVE-2017-0069
• CVE-2017-0070
• CVE-2017-0071
• CVE-2017-0094
• CVE-2017-0037
• CVE-2017-0131
• CVE-2017-0132
• CVE-2017-0133
• CVE-2017-0134
• CVE-2017-0135
• CVE-2017-0136
• CVE-2017-0137
• CVE-2017-0138
• CVE-2017-0140
• CVE-2017-0141
• CVE-2017-0150
• CVE-2017-0151
• CVE-2017-0009
• CVE-2017-0010
• CVE-2017-0011
• CVE-2017-0012
• CVE-2017-0015
• CVE-2017-0017
• CVE-2017-0023
• CVE-2017-0032
• CVE-2017-0033
• CVE-2017-0034
• CVE-2017-0035

CVE Liste

• CVE-2017-0065
  critical
• CVE-2017-0066
  critical
• CVE-2017-0067
  critical
• CVE-2017-0068
  critical
• CVE-2017-0069
  critical
• CVE-2017-0070
  critical
• CVE-2017-0071
  critical
• CVE-2017-0094
  critical
• CVE-2017-0037
  critical
• CVE-2017-0131
  critical
• CVE-2017-0132
  critical
• CVE-2017-0133
  critical
• CVE-2017-0134
  critical
• CVE-2017-0135
  critical
• CVE-2017-0136
  critical
• CVE-2017-0137
  critical
• CVE-2017-0138
  critical
• CVE-2017-0140
  critical
• CVE-2017-0141
  critical
• CVE-2017-0150
  critical
• CVE-2017-0151
  critical
• CVE-2017-0009
  critical
• CVE-2017-0010
  critical
• CVE-2017-0011
  critical
• CVE-2017-0012
  critical
• CVE-2017-0015
  critical
• CVE-2017-0017
  critical
• CVE-2017-0023
  critical
• CVE-2017-0032
  critical
• CVE-2017-0033
  critical
• CVE-2017-0034
  critical
• CVE-2017-0035
  critical

KB Liste

• 4012606
• 4013198
• 4013429
• 4013071

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com