KLA10755
Multiple vulnerabilities in Microsoft Edge

Updated: 06/03/2020
Detect date
?
02/09/2016
Severity
?
High
Description

Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code or bypass security features.

Below is a complete list of vulnerabilities

  1. An improper HTTP responses parsing can be exploited remotely via a specially designed web site to spoof user interface;
  2. An improper exceptions handling can be exploited remotely via a specially designed web site to bypass Address Space Layout Randomization;
  3. An improper memory objects access can be exploited remotely via a specially designed web site to execute arbitrary code.
Affected products

Microsoft Edge

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-0060
CVE-2016-0061
CVE-2016-0062
CVE-2016-0084
CVE-2016-0080
CVE-2016-0077

Impacts
?
ACE 
[?]

SB 
[?]

SUI 
[?]
Related products
Microsoft Edge
CVE-IDS
?
CVE-2016-00609.3Critical
CVE-2016-00619.3Critical
CVE-2016-00629.3Critical
CVE-2016-00849.3Critical
CVE-2016-00804.3Warning
CVE-2016-00774.3Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

3135173
3135174
3134225

Find out the statistics of the vulnerabilities spreading in your region