Kaspersky Threats

Detect date

?

10/13/2015

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

Improper memory objects access can be exploited remotely via a specially designed web site to execute arbitrary code;
Improper memory objects handling at script engines can be exploited remotely via a specially designed web site to execute arbitrary code;
Improper permissions validation can be exploited remotely via a specially designed web site to gain privileges;
Improper memory disclosure can be exploited remotely to obtaib sensitive information;
Lack of ASLR restrictions at script engines can be exploited remotely to obtain sensitive information;
Improper memory content disclosure at script engine can be exploited remotely via a specially designed web site to obtain sensitive information.

Affected products

Microsoft Internet Explorer versions from 7 through 11

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2015-2482
CVE-2015-6055
CVE-2015-6059
CVE-2015-6052
CVE-2015-6044
CVE-2015-6047
CVE-2015-6056
CVE-2015-6053
CVE-2015-6050
CVE-2015-6051
CVE-2015-6048
CVE-2015-6049
CVE-2015-6046
CVE-2015-6042

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

PE

[?]

Detect date ?	10/13/2015
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities Improper memory objects access can be exploited remotely via a specially designed web site to execute arbitrary code; Improper memory objects handling at script engines can be exploited remotely via a specially designed web site to execute arbitrary code; Improper permissions validation can be exploited remotely via a specially designed web site to gain privileges; Improper memory disclosure can be exploited remotely to obtaib sensitive information; Lack of ASLR restrictions at script engines can be exploited remotely to obtain sensitive information; Improper memory content disclosure at script engine can be exploited remotely via a specially designed web site to obtain sensitive information.
Affected products	Microsoft Internet Explorer versions from 7 through 11
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2015-2482 CVE-2015-6055 CVE-2015-6059 CVE-2015-6052 CVE-2015-6044 CVE-2015-6047 CVE-2015-6056 CVE-2015-6053 CVE-2015-6050 CVE-2015-6051 CVE-2015-6048 CVE-2015-6049 CVE-2015-6046 CVE-2015-6042
Impacts ?	ACE [?] OSI [?] SB [?] PE [?]
Related products	Microsoft Internet Explorer
CVE-IDS ?	CVE-2015-24829.3Critical CVE-2015-60559.3Critical CVE-2015-60594.3Warning CVE-2015-60524.3Warning CVE-2015-60446.8High CVE-2015-60476.8High CVE-2015-60569.3Critical CVE-2015-60535.0Critical CVE-2015-60509.3Critical CVE-2015-60514.3Warning CVE-2015-60489.3Critical CVE-2015-60499.3Critical CVE-2015-60464.3Warning CVE-2015-60429.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3097617 3094995 3094996 3093983 3096441
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/40798 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10677Multiple vulnerabilities in Microsoft Internet Explorer

KLA10677
Multiple vulnerabilities in Microsoft Internet Explorer