KLA10789
Multiple vulnerabilities in Microsoft Internet Explorer and Edge
Updated: 01/12/2018
CVSS
?
7.6
Detect date
?
04/12/2016
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitraty code, gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. An improper memory objects access can be exploited remotely via a specially designed content to execute arbitrary code;
  2. An improper input validation before loading libraries can be exploited by logged in attacker via a specially designed application to gain privileges;
  3. An improper JavaScript handling can be exploited remotely to obtain sensitive information or gain privileges;
  4. Lack of cross-domain policies enforcement can be exploited remotely via a specially designed content to gain privileges.
Affected products

Microsoft Internet Explorer versions 9 through 11
Microsoft Edge

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS16-037
MS16-038

Impacts
?
ACE 
[?]

OSI 
[?]

PE 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
?

CVE-2016-0166
CVE-2016-0164
CVE-2016-0162
CVE-2016-0161
CVE-2016-0160
CVE-2016-0159
CVE-2016-0158
CVE-2016-0157
CVE-2016-0156
CVE-2016-0155
CVE-2016-0154

Microsoft official advisories
MS16-037
MS16-038
KB list

3148532
3148198
3147461
3148531
3147458