Kaspersky Threats

Detect date

?

12/08/2015

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code;
Lack of content type enforcement can be exploited remotely via a specially designed web content to gain privileges;
Lack of Address Space Layout Randomization enforcement can be exploited remotely via a specially designed web content to bypass security feature;
Improper HTTP responses parsing can be exploited remotely via a specially designed URL to spoof user interface;
Improper permissions validation can be exploited remotely via a specially designed web content to gain privileges;
Improper HTML disabling can be exploited remotely via a specially designed web content to inject arbitrary code;
Improper memory handling at VBScript can be exploited remotely via a specially designed web content to obtain sensitive information or execute arbitrary code.

Technical details

There some technical notes for vulnerability (3) you can read in MS15-124 listed in original advisories section.

Affected products

Microsoft Internet Explorer versions 7 through 11
Microsoft Edge

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2015-6135
CVE-2015-6136
CVE-2015-6134
CVE-2015-6140
CVE-2015-6155
CVE-2015-6083
CVE-2015-6138
CVE-2015-6169
CVE-2015-6168
CVE-2015-6176
CVE-2015-6170
CVE-2015-6153
CVE-2015-6152
CVE-2015-6151
CVE-2015-6150
CVE-2015-6149
CVE-2015-6148
CVE-2015-6147
CVE-2015-6146
CVE-2015-6145
CVE-2015-6144
CVE-2015-6142
CVE-2015-6143
CVE-2015-6162
CVE-2015-6164
CVE-2015-6160
CVE-2015-6161
CVE-2015-6154
CVE-2015-6141
CVE-2015-6156
CVE-2015-6157
CVE-2015-6158
CVE-2015-6159
CVE-2015-6139

Impacts

?

ACE

[?]

OSI

[?]

CI

[?]

SB

[?]

PE

[?]

SUI

[?]

Related products

Microsoft Internet Explorer

CVE-IDS

?

Microsoft official advisories

Microsoft Security Update Guide

KB list

3116900
3116869
3105579
3105578
3104002
3116184
3116180

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/40878

https://www.exploit-db.com/exploits/38972

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Find out the statistics of the vulnerabilities spreading in your region

Detect date ?	12/08/2015
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information. Below is a complete list of vulnerabilities Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code; Lack of content type enforcement can be exploited remotely via a specially designed web content to gain privileges; Lack of Address Space Layout Randomization enforcement can be exploited remotely via a specially designed web content to bypass security feature; Improper HTTP responses parsing can be exploited remotely via a specially designed URL to spoof user interface; Improper permissions validation can be exploited remotely via a specially designed web content to gain privileges; Improper HTML disabling can be exploited remotely via a specially designed web content to inject arbitrary code; Improper memory handling at VBScript can be exploited remotely via a specially designed web content to obtain sensitive information or execute arbitrary code. Technical details There some technical notes for vulnerability (3) you can read in MS15-124 listed in original advisories section.
Affected products	Microsoft Internet Explorer versions 7 through 11 Microsoft Edge
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2015-6135 CVE-2015-6136 CVE-2015-6134 CVE-2015-6140 CVE-2015-6155 CVE-2015-6083 CVE-2015-6138 CVE-2015-6169 CVE-2015-6168 CVE-2015-6176 CVE-2015-6170 CVE-2015-6153 CVE-2015-6152 CVE-2015-6151 CVE-2015-6150 CVE-2015-6149 CVE-2015-6148 CVE-2015-6147 CVE-2015-6146 CVE-2015-6145 CVE-2015-6144 CVE-2015-6142 CVE-2015-6143 CVE-2015-6162 CVE-2015-6164 CVE-2015-6160 CVE-2015-6161 CVE-2015-6154 CVE-2015-6141 CVE-2015-6156 CVE-2015-6157 CVE-2015-6158 CVE-2015-6159 CVE-2015-6139
Impacts ?	ACE [?] OSI [?] CI [?] SB [?] PE [?] SUI [?]
Related products	Microsoft Internet Explorer
CVE-IDS ?	CVE-2015-61355.0Critical CVE-2015-61369.3Critical CVE-2015-61349.3Critical CVE-2015-61409.3Critical CVE-2015-61559.3Critical CVE-2015-60839.3Critical CVE-2015-61384.3Warning CVE-2015-61694.3Warning CVE-2015-61689.3Critical CVE-2015-61764.3Warning CVE-2015-61706.8High CVE-2015-61539.3Critical CVE-2015-61529.3Critical CVE-2015-61519.3Critical CVE-2015-61509.3Critical CVE-2015-61499.3Critical CVE-2015-61489.3Critical CVE-2015-61479.3Critical CVE-2015-61469.3Critical CVE-2015-61459.3Critical CVE-2015-61444.3Warning CVE-2015-61429.3Critical CVE-2015-61439.3Critical CVE-2015-61629.3Critical CVE-2015-61646.8High CVE-2015-61609.3Critical CVE-2015-61614.3Warning CVE-2015-61549.3Critical CVE-2015-61419.3Critical CVE-2015-61569.3Critical CVE-2015-61574.3Warning CVE-2015-61589.3Critical CVE-2015-61599.3Critical CVE-2015-61399.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3116900 3116869 3105579 3105578 3104002 3116184 3116180
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/40878 https://www.exploit-db.com/exploits/38972 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10720Multiple vulnerabilities in Microsoft Internet Explorer & Edge

KLA10720
Multiple vulnerabilities in Microsoft Internet Explorer & Edge