Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code and spoof user interface.

Below is a complete list of vulnerabilities:

1. An improper handling of redirect requests in Microsoft browsers can be exploited remotely via a specially designed website to bypass security restrictions;
2. An improper access to objects in memory in Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code;
3. An incorrect handling of objects in memory in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
4. An incorrect applying of Same Origin Policy for HTML elements present in other browser windows in Microsoft Edge can be exploited remotely by convincing a user to load a page or visit a website to bypass security restrictions;
5. An improper handling of objects in memory in Chakra JavaScript engine in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
6. An improper parsing of HTTP content in Microsoft browsers can be exploited remotely by convincing the user to click a specially designed URL to spoof user interface;
7. Multiple vulnerabilities related to incorrect handling of objects in memory in JavaScript engine in Microsoft browsers can be exploited remotely via a specially designed website, Microsoft Office document that hosts the browser rendering engine or embedded ActiveX control marked „safe for initialization“ in an application to execute arbitrary code;
8. Multiple vulnerabilities related to incorrect handling of objects in memory in VBScript engine in Microsoft Internet Explorer can be exploited remotely via a specially designed website, Microsoft office document that hosts the browser rendering engine or embedded ActiveX control marked „safe for initialization“ in an application to execute arbitrary code.

---

Technical details

Vulnerability (7), (8) are related to rendering in JavaScript engines.

Ursprüngliche Informationshinweise

• CVE-2017-8618

• CVE-2017-8619
• CVE-2017-8599
• CVE-2017-8598
• CVE-2017-8617
• CVE-2017-8603
• CVE-2017-8592
• CVE-2017-8601
• CVE-2017-8602
• CVE-2017-8607
• CVE-2017-8596
• CVE-2017-8595
• CVE-2017-8604
• CVE-2017-8609
• CVE-2017-8608
• CVE-2017-8605
• CVE-2017-8611
• CVE-2017-8606
• CVE-2017-8594
• CVE-2017-8610
• CVE-2017-8592
• CVE-2017-8594
• CVE-2017-8595
• CVE-2017-8596
• CVE-2017-8598
• CVE-2017-8599
• CVE-2017-8601
• CVE-2017-8602
• CVE-2017-8603
• CVE-2017-8604
• CVE-2017-8605
• CVE-2017-8606
• CVE-2017-8607
• CVE-2017-8608
• CVE-2017-8609
• CVE-2017-8610
• CVE-2017-8611
• CVE-2017-8617
• CVE-2017-8618
• CVE-2017-8619

CVE Liste

• CVE-2017-8592
  critical
• CVE-2017-8594
  critical
• CVE-2017-8595
  critical
• CVE-2017-8596
  critical
• CVE-2017-8598
  critical
• CVE-2017-8599
  critical
• CVE-2017-8601
  critical
• CVE-2017-8602
  critical
• CVE-2017-8603
  critical
• CVE-2017-8604
  critical
• CVE-2017-8605
  critical
• CVE-2017-8606
  critical
• CVE-2017-8607
  critical
• CVE-2017-8608
  critical
• CVE-2017-8609
  critical
• CVE-2017-8610
  critical
• CVE-2017-8611
  critical
• CVE-2017-8617
  critical
• CVE-2017-8618
  critical
• CVE-2017-8619
  critical

KB Liste

• 4038788
• 4038782
• 4038783
• 4038781
• 4025342
• 4025339
• 4025344
• 4025338
• 4025331
• 4025336
• 4025341
• 4025252

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com