KLA10885
Multiple vulnerabilities in Microsoft Edge and Internet Explorer
Updated: 10/21/2016
CVSS
?
9.3
Detect date
?
10/11/2016
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information or gain privileges.

Below is a complete list of vulnerabilities

  1. An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code;
  2. An improper memory objects handling at Chakra JavaScript engine can be exploited remotely via a specially designed content to execute arbitrary code;
  3. An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information;
  4. Lack of credential data storage restrictions can be exploited locally via harvesting memory dump to obtain sensitive information;
  5. Lack of private namespace security restrictions can be exploited remotely to gain privileges;
  6. An improper validation can be exploited remotely via a specially designed content to bypass security restrictions.
Affected products

Microsoft Edge
Microsoft Internet Explorer versions 9 through 11

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS16-118
MS16-119

Impacts
?
ACE 
[?]

OSI 
[?]

PE 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
?

CVE-2016-3267
CVE-2016-3298
CVE-2016-3331
CVE-2016-3382
CVE-2016-3383
CVE-2016-3384
CVE-2016-3385
CVE-2016-3386
CVE-2016-3387
CVE-2016-3388
CVE-2016-3389
CVE-2016-3390
CVE-2016-3391
CVE-2016-3392
CVE-2016-7189
CVE-2016-7190
CVE-2016-7194

Microsoft official advisories
MS16-118
MS16-119
KB list

3192441
3192440
3192887
3191492
3192392
3185331
3185330
3185332
3192890
3192393
3194798
3192391