Kaspersky Threats

Detect date

?

09/13/2016

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or obtain sensitive information.

Below is a complete list of vulnerabilities

An improper memory objects access can be exploited remotely via a specially designed content to execute arbitrary code;
Lack of sandbox restrictions can be exploited remotely to gain privileges;
An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information;
An improper cross-origin requests handling can be exploited via a specially designed content to obtain sensitive information;
An improper files handling can be exploited via a specially designed content to bypass security restrictions.

Affected products

Microsoft Internet Explorer versions from 9 through 11
Microsoft Edge

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-3247
CVE-2016-3291
CVE-2016-3292
CVE-2016-3294
CVE-2016-3295
CVE-2016-3370
CVE-2016-3374
CVE-2016-3324
CVE-2016-3375
CVE-2016-3330
CVE-2016-3325
CVE-2016-3297
CVE-2016-3350
CVE-2016-3351
CVE-2016-3353
CVE-2016-3377

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

PE

[?]

Detect date ?	09/13/2016
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities An improper memory objects access can be exploited remotely via a specially designed content to execute arbitrary code; Lack of sandbox restrictions can be exploited remotely to gain privileges; An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information; An improper cross-origin requests handling can be exploited via a specially designed content to obtain sensitive information; An improper files handling can be exploited via a specially designed content to bypass security restrictions.
Affected products	Microsoft Internet Explorer versions from 9 through 11 Microsoft Edge
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-3247 CVE-2016-3291 CVE-2016-3292 CVE-2016-3294 CVE-2016-3295 CVE-2016-3370 CVE-2016-3374 CVE-2016-3324 CVE-2016-3375 CVE-2016-3330 CVE-2016-3325 CVE-2016-3297 CVE-2016-3350 CVE-2016-3351 CVE-2016-3353 CVE-2016-3377
Impacts ?	ACE [?] OSI [?] SB [?] PE [?]
Related products	Microsoft Internet Explorer Microsoft Edge
CVE-IDS ?	CVE-2016-32475.1High CVE-2016-32912.6Warning CVE-2016-32925.1High CVE-2016-32947.6Critical CVE-2016-32955.1High CVE-2016-33704.3Warning CVE-2016-33744.3Warning CVE-2016-33246.8High CVE-2016-33757.6Critical CVE-2016-33307.6Critical CVE-2016-33252.6Warning CVE-2016-32976.8High CVE-2016-33507.6Critical CVE-2016-33512.6Warning CVE-2016-33535.1High CVE-2016-33777.6Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3185611 3185614 3189866 3185319
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/40797 https://www.exploit-db.com/exploits/40748 https://www.exploit-db.com/exploits/40747
	Find out the statistics of the vulnerabilities spreading in your region

KLA10875Multiple vulnerabilities in Microsoft Edge and Internet Explorer

KLA10875
Multiple vulnerabilities in Microsoft Edge and Internet Explorer