Description
Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to bypass security restrictions, perform privilege escalation, execute arbitrary code or obtain sensitive information.
Below is a complete list of vulnerabilities
- An improper validation at Content Security Policy can be exploited remotely via a specially designed content to bypass security restrictions;
- An improper memory objects handling at Chakra JavaScript engine can be exploited remotely via a specially designed content to execute arbitrary code;
- An improper PDF parsing can be exploited remotely via a specially designed pdf document to obtain sensitive information or execute arbitrary code;
- A vulnerability in Web Proxy Auto Discovery (WPAD) protocol can be exploited remotely to bypass security restrictions and perform privilege escalation;
- A vulnerability in XSS Filter can be exploited remotely to perform a universal cross-site scripting attack;
- Internet Explorer Memory Corruption Vulnerability can be exploited remotely via a specially designed content to execute arbitrary code and perform privilege escalation;
- Scripting Engine Memory Corruption Vulnerability can be exploited remotely via a specially designed content to execute arbitrary code and perform privilege escalation;
Original advisories
- CVE-2016-3206
- CVE-2016-3205
- CVE-2016-3215
- CVE-2016-3214
- CVE-2016-3213
- CVE-2016-3212
- CVE-2016-3211
- CVE-2016-3210
- CVE-2016-3203
- CVE-2016-3202
- CVE-2016-3201
- CVE-2016-3199
- CVE-2016-3198
- CVE-2016-0199
- CVE-2016-0200
- CVE-2016-3222
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
- CVE-2016-3207 critical
- CVE-2016-3206 critical
- CVE-2016-3205 critical
- CVE-2016-3215 warning
- CVE-2016-3214 critical
- CVE-2016-3213 critical
- CVE-2016-3212 warning
- CVE-2016-3211 critical
- CVE-2016-3210 critical
- CVE-2016-3203 critical
- CVE-2016-3202 critical
- CVE-2016-3201 warning
- CVE-2016-3199 critical
- CVE-2016-3198 warning
- CVE-2016-0199 critical
- CVE-2016-0200 critical
- CVE-2016-3222 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!