Multiple vulnerabilities in Microsoft Internet Explorer and Edge

Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

1. Improper memory objects handling at VBScript engine can be exploited remotely via a specially designed web content to execute arbitrary code;
2. Lack of cross-domain policies enforcement can be exploited remotely via a specially designed web content to gain privileges;
3. Improper memory objects handling can be exploited remotely via a specially designed web content to execute arbitrary code;
4. Improper memory objects handling at Chakra JavaScript can be exploited remotely via a specially designed web content to execute arbitrary code.

---

Technical details

To mitigate vulnerability (1) you can restrict access to VBScript.dll

Original advisories

• CVE-2016-0002

• CVE-2016-0024
• CVE-2016-0005
• CVE-2016-0003

Related products

• Microsoft-Internet-Explorer
• Microsoft-Edge

CVE list

• CVE-2016-0002
  critical
• CVE-2016-0024
  critical
• CVE-2016-0005
  warning
• CVE-2016-0003
  critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com