Multiple vulnerabilities in Microsoft Internet Explorer & Edge

Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

1. Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code;
2. Lack of content type enforcement can be exploited remotely via a specially designed web content to gain privileges;
3. Lack of Address Space Layout Randomization enforcement can be exploited remotely via a specially designed web content to bypass security feature;
4. Improper HTTP responses parsing can be exploited remotely via a specially designed URL to spoof user interface;
5. Improper permissions validation can be exploited remotely via a specially designed web content to gain privileges;
6. Improper HTML disabling can be exploited remotely via a specially designed web content to inject arbitrary code;
7. Improper memory handling at VBScript can be exploited remotely via a specially designed web content to obtain sensitive information or execute arbitrary code.

---

Technical details

There some technical notes for vulnerability (3) you can read in MS15-124 listed in original advisories section.

Original advisories

• CVE-2015-6135

• CVE-2015-6136
• CVE-2015-6134
• CVE-2015-6140
• CVE-2015-6155
• CVE-2015-6083
• CVE-2015-6138
• CVE-2015-6169
• CVE-2015-6168
• CVE-2015-6176
• CVE-2015-6170
• CVE-2015-6153
• CVE-2015-6152
• CVE-2015-6151
• CVE-2015-6150
• CVE-2015-6149
• CVE-2015-6148
• CVE-2015-6147
• CVE-2015-6146
• CVE-2015-6145
• CVE-2015-6144
• CVE-2015-6142
• CVE-2015-6143
• CVE-2015-6162
• CVE-2015-6164
• CVE-2015-6160
• CVE-2015-6161
• CVE-2015-6154
• CVE-2015-6141
• CVE-2015-6156
• CVE-2015-6157
• CVE-2015-6158
• CVE-2015-6159
• CVE-2015-6139

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Internet-Explorer

CVE list

• CVE-2015-6135
  critical
• CVE-2015-6136
  critical
• CVE-2015-6134
  critical
• CVE-2015-6140
  critical
• CVE-2015-6155
  critical
• CVE-2015-6083
  critical
• CVE-2015-6138
  warning
• CVE-2015-6169
  warning
• CVE-2015-6168
  critical
• CVE-2015-6176
  warning
• CVE-2015-6170
  high
• CVE-2015-6153
  critical
• CVE-2015-6152
  critical
• CVE-2015-6151
  critical
• CVE-2015-6150
  critical
• CVE-2015-6149
  critical
• CVE-2015-6148
  critical
• CVE-2015-6147
  critical
• CVE-2015-6146
  critical
• CVE-2015-6145
  critical
• CVE-2015-6144
  warning
• CVE-2015-6142
  critical
• CVE-2015-6143
  critical
• CVE-2015-6162
  critical
• CVE-2015-6164
  high
• CVE-2015-6160
  critical
• CVE-2015-6161
  warning
• CVE-2015-6154
  critical
• CVE-2015-6141
  critical
• CVE-2015-6156
  critical
• CVE-2015-6157
  warning
• CVE-2015-6158
  critical
• CVE-2015-6159
  critical
• CVE-2015-6139
  critical

KB list

• 3116900
• 3116869
• 3105579
• 3105578
• 3104002
• 3116184
• 3116180

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com