KLA10740
Multiple vulnerabilities in Microsoft Internet Explorer and Edge
Updated: 05/22/2020
Detect date
?
01/12/2016
Severity
?
High
Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

  1. Improper memory objects handling at VBScript engine can be exploited remotely via a specially designed web content to execute arbitrary code;
  2. Lack of cross-domain policies enforcement can be exploited remotely via a specially designed web content to gain privileges;
  3. Improper memory objects handling can be exploited remotely via a specially designed web content to execute arbitrary code;
  4. Improper memory objects handling at Chakra JavaScript can be exploited remotely via a specially designed web content to execute arbitrary code.

Technical details

To mitigate vulnerability (1) you can restrict access to VBScript.dll

Affected products

Microsoft Edge
Microsoft Internet Explorer versions from 7 through 11

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-0002
CVE-2016-0024
CVE-2016-0005
CVE-2016-0003

Impacts
?
ACE 
[?]

PE 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
?
CVE-2016-00020.0Unknown
CVE-2016-00240.0Unknown
CVE-2016-00050.0Unknown
CVE-2016-00030.0Unknown
Microsoft official advisories
Microsoft Security Update Guide