Beschreibung
Multiple serious vulnerabilities were found in Microsoft browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions and spoof user interface.
Below is a complete list of vulnerabilities:
- A memory corruption vulnerability in Chakra scripting engine can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in ChakraCore scripting engine can be exploited remotely to execute arbitrary code.
- A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Microsoft browsers can be exploited remotely via specially crafted content to obtain sensitive information.
- An elevation of privileges vulnerability in Microsoft Edge can be exploited remotely via escape from the AppContainer sandbox to gain privileges.
- A remote code execution vulnerability in Chakra scripting engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in browser scripting engine can be exploited remotely via conviction a user to visit a malicious site to obtain sensitive information.
- An information disclosure vulnerability in Microsoft Edge Fetch API can be exploited remotely via reading the URL of a cross-origin request to obtain sensitive information.
- A security feature bypass vulnerability in Internet Explorer can be exploited remotely via crafted malicious website to bypass security restrictions.
- A remote code execution vulnerability in Microsoft Edge PDF Reader can be exploited remotely via specially crafted PDF content to execute arbitrary code.
- A remote code execution vulnerability in Chakra scripting engine can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
- A spoofing vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to spoof user interface.
- A remote code execution vulnerability in Microsoft browsers can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Chakra scripting engine can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
Ursprüngliche Informationshinweise
- CVE-2018-8459
- CVE-2018-8456
- CVE-2018-8354
- CVE-2018-8452
- CVE-2018-8469
- CVE-2018-8467
- CVE-2018-8315
- CVE-2018-8366
- CVE-2018-8470
- CVE-2018-8464
- CVE-2018-8367
- CVE-2018-8447
- CVE-2018-8425
- CVE-2018-8457
- CVE-2018-8465
- CVE-2018-8463
- CVE-2018-8461
CVE Liste
- CVE-2018-8466 critical
- CVE-2018-8315 critical
- CVE-2018-8459 critical
- CVE-2018-8367 critical
- CVE-2018-8354 critical
- CVE-2018-8452 critical
- CVE-2018-8456 critical
- CVE-2018-8465 critical
- CVE-2018-8467 critical
- CVE-2018-8469 critical
- CVE-2018-8366 critical
- CVE-2018-8470 critical
- CVE-2018-8464 critical
- CVE-2018-8447 critical
- CVE-2018-8425 critical
- CVE-2018-8457 critical
- CVE-2018-8463 critical
- CVE-2018-8461 critical
KB Liste
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!