KLA10720
Multiple vulnerabilities in Microsoft Internet Explorer & Edge
Updated: 12/11/2015
CVSS
?
9.3
Detect date
?
12/08/2015
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code;
  2. Lack of content type enforcement can be exploited remotely via a specially designed web content to gain privileges;
  3. Lack of Address Space Layout Randomization enforcement can be exploited remotely via a specially designed web content to bypass security feature;
  4. Improper HTTP responses parsing can be exploited remotely via a specially designed URL to spoof user interface;
  5. Improper permissions validation can be exploited remotely via a specially designed web content to gain privileges;
  6. Improper HTML disabling can be exploited remotely via a specially designed web content to inject arbitrary code;
  7. Improper memory handling at VBScript can be exploited remotely via a specially designed web content to obtain sensitive information or execute arbitrary code.


Technical details

There some technical notes for vulnerability (3) you can read in MS15-124 listed in original advisories section.

 

Affected products

Microsoft Internet Explorer versions 7 through 11
Microsoft Edge

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS15-124
MS15-125

Impacts
?
SUI 
[?]

CI 
[?]

ACE 
[?]

OSI 
[?]

SB 
[?]

PE 
[?]
Related products
Microsoft Internet Explorer
CVE-IDS
?

CVE-2015-6176
CVE-2015-6170
CVE-2015-6169
CVE-2015-6168
CVE-2015-6164
CVE-2015-6162
CVE-2015-6161
CVE-2015-6160
CVE-2015-6159
CVE-2015-6158
CVE-2015-6157
CVE-2015-6156
CVE-2015-6155
CVE-2015-6154
CVE-2015-6153
CVE-2015-6152
CVE-2015-6151
CVE-2015-6150
CVE-2015-6149
CVE-2015-6148
CVE-2015-6147
CVE-2015-6146
CVE-2015-6145
CVE-2015-6144
CVE-2015-6143
CVE-2015-6142
CVE-2015-6141
CVE-2015-6140
CVE-2015-6139
CVE-2015-6138
CVE-2015-6136
CVE-2015-6135
CVE-2015-6134
CVE-2015-6083

Microsoft official advisories
MS15-124
MS15-125
KB list

3116869
3105579
3105578
3116900
3104002
3116184
3116180