Kaspersky Threats

Detect date

?

11/10/2015

Severity

?

High

Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code
Improper memory handling at VBScript and JScript engines can be exploited remotely via a specially designed web content or ActiveX control to execute arbitrary code;
Improper memory content disclosure can be exploited remotely via a specially designed web content to obtain sensitive information;
Improper Address Space Layout Randomization can be exploited remotely via a specially designed web content to bypass security restrictions.

Technical details

To mitigate vulnerability (2) access to VBScript.dll and JScript.dll can be restricted. For further details look at original advisory.

Affected products

Microsoft Internet Explorer versions from 7 through 11

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2015-6064
CVE-2015-6078
CVE-2015-6088
CVE-2015-6073
CVE-2015-6087
CVE-2015-6066
CVE-2015-6068
CVE-2015-6065
CVE-2015-6071
CVE-2015-6072
CVE-2015-6069
CVE-2015-6070
CVE-2015-6074
CVE-2015-6086
CVE-2015-6077
CVE-2015-6082
CVE-2015-6081
CVE-2015-6080
CVE-2015-6079
CVE-2015-6076
CVE-2015-6075
CVE-2015-2427
CVE-2015-6089
CVE-2015-6085
CVE-2015-6084

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

SUI

[?]

Related products

Microsoft Internet Explorer

CVE-IDS

?

Microsoft official advisories

Microsoft Security Update Guide

KB list

3105211
3105213
3104517
3100773

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/39698

Detect date ?	11/10/2015
Severity ?	High
Description	Multiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code Improper memory handling at VBScript and JScript engines can be exploited remotely via a specially designed web content or ActiveX control to execute arbitrary code; Improper memory content disclosure can be exploited remotely via a specially designed web content to obtain sensitive information; Improper Address Space Layout Randomization can be exploited remotely via a specially designed web content to bypass security restrictions. Technical details To mitigate vulnerability (2) access to VBScript.dll and JScript.dll can be restricted. For further details look at original advisory.
Affected products	Microsoft Internet Explorer versions from 7 through 11
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2015-6064 CVE-2015-6078 CVE-2015-6088 CVE-2015-6073 CVE-2015-6087 CVE-2015-6066 CVE-2015-6068 CVE-2015-6065 CVE-2015-6071 CVE-2015-6072 CVE-2015-6069 CVE-2015-6070 CVE-2015-6074 CVE-2015-6086 CVE-2015-6077 CVE-2015-6082 CVE-2015-6081 CVE-2015-6080 CVE-2015-6079 CVE-2015-6076 CVE-2015-6075 CVE-2015-2427 CVE-2015-6089 CVE-2015-6085 CVE-2015-6084
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?] SUI [?]
Related products	Microsoft Internet Explorer
CVE-IDS ?	CVE-2015-60649.3Critical CVE-2015-60789.3Critical CVE-2015-60884.3Warning CVE-2015-60739.3Critical CVE-2015-60879.3Critical CVE-2015-60669.3Critical CVE-2015-60689.3Critical CVE-2015-60659.3Critical CVE-2015-60719.3Critical CVE-2015-60729.3Critical CVE-2015-60699.3Critical CVE-2015-60709.3Critical CVE-2015-60749.3Critical CVE-2015-60864.3Warning CVE-2015-60779.3Critical CVE-2015-60829.3Critical CVE-2015-60819.3Critical CVE-2015-60809.3Critical CVE-2015-60799.3Critical CVE-2015-60769.3Critical CVE-2015-60759.3Critical CVE-2015-24279.3Critical CVE-2015-60899.3Critical CVE-2015-60859.3Critical CVE-2015-60849.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3105211 3105213 3104517 3100773
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/39698