Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Edge, Microsoft Internet Explorer 9 through 11. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

1. An improper handling of mixed content in Microsoft Internet Explorer can be exploited remotely via a malicious website or via an email containing specially designed *.url file to bypass security restrictions;
2. An improper handling of an access to objects in memory in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
3. Multiple vulnerabilities in JavaScript Engine, which are related to handling of an access to objects in memory in Microsoft Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code;
4. Multiple vulnerabilities related to an incorrect handling of objects in JavaScript engines done while rendering can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as „safe for initialization“ to execute arbitrary code;
5. An improper handling of mixed content in Microsoft Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code;
6. Multiple vulnerabilities related to an incorrect handling of objects in memory done by Microsoft scripting engines of Microsoft Edge can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as „safe for initialization“ to execute arbitrary code;
7. An improper parsing of HTML and incorrect way of rendering SmartScreen Filter can be exploited remotely via a specially designed URL to spoof user interface;
8. An incorrect handling of sandboxing in Microsoft Edge can be exploited remotely to escape from the AppContainer sandbox and gain privileges;
9. Multiple vulnerabilities in Chakra JavaScript Engine can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as „safe for initialization“ to execute arbitrary code;
10. An improper handling of objects in memory in JavaScript Engine can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as „safe for initialization“ execute arbitrary code;
11. An incorrect rendering of a domain-less page in the URL in Microsoft Edge can be exploited remotely by convincing a user to visit a specially designed webpage to gain privileges and perform actions in the context of the Intranet Zone and access some functions of browser, which are not available while browsing in the context of the Internet Zone.

---

Technical details

Vulnerability (1) allows to load HTTP content, which is unsecure, to HTTS locations, which are secure.

Vulnerabilities (9) in Chakra JavaScript Engine are related to rendering in Microsoft Edge.

To exploit all vulnerabilities described above via a specially designed webpage, a malicious user should somehow convince user to visit it.

Ursprüngliche Informationshinweise

• CVE-2017-0064

• CVE-2017-0238
• CVE-2017-0226
• CVE-2017-0229
• CVE-2017-0228
• CVE-2017-0266
• CVE-2017-0224
• CVE-2017-0227
• CVE-2017-0231
• CVE-2017-0221
• CVE-2017-0234
• CVE-2017-0222
• CVE-2017-0223
• CVE-2017-0241
• CVE-2017-0240
• CVE-2017-0236
• CVE-2017-0266
• CVE-2017-0241
• CVE-2017-0240
• CVE-2017-0238
• CVE-2017-0236
• CVE-2017-0235
• CVE-2017-0234
• CVE-2017-0233
• CVE-2017-0231
• CVE-2017-0230
• CVE-2017-0229
• CVE-2017-0228
• CVE-2017-0227
• CVE-2017-0226
• CVE-2017-0224
• CVE-2017-0222
• CVE-2017-0221
• CVE-2017-0064
• CVE-2017-0223

CVE Liste

• CVE-2017-0266
  critical
• CVE-2017-0241
  critical
• CVE-2017-0240
  critical
• CVE-2017-0238
  critical
• CVE-2017-0236
  critical
• CVE-2017-0235
  critical
• CVE-2017-0234
  critical
• CVE-2017-0233
  critical
• CVE-2017-0231
  critical
• CVE-2017-0230
  critical
• CVE-2017-0229
  critical
• CVE-2017-0228
  critical
• CVE-2017-0227
  critical
• CVE-2017-0226
  critical
• CVE-2017-0224
  critical
• CVE-2017-0222
  critical
• CVE-2017-0221
  critical
• CVE-2017-0064
  critical
• CVE-2017-0223
  critical

KB Liste

• 4016871
• 4019474
• 4018271
• 4019215
• 4019264
• 4019216
• 4034668
• 4034733
• 4034674
• 4034681
• 4034658
• 4034660

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com