KLA11002
Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer
Updated: 05/15/2017
CVSS: 6.1
Detect date: 05/08/2017
Severity: High
Description

Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer 9 through 11. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. Improper handling of mixed content in Microsoft Internet Explorer can be exploited remotely via a malicious website or via an email containing a specially designed *.url file to bypass security restrictions;
  2. Improper handling of access to objects in memory in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
  3. Multiple vulnerabilities in the JavaScript engine, related to the handling of access to objects in memory in Microsoft Internet Explorer, can be exploited remotely via a specially designed website to execute arbitrary code;
  4. Incorrect handling of objects in JavaScript engines during rendering can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as “safe for initialization” to execute arbitrary code;
  5. Improper handling of mixed content in Microsoft Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code;
  6. Multiple vulnerabilities related to incorrect handling of objects in memory by the Microsoft scripting engines of Microsoft Edge can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as “safe for initialization” to execute arbitrary code;
  7. Improper parsing of HTML and incorrect rendering of the SmartScreen Filter can be exploited remotely via a specially designed URL to spoof the user interface;
  8. Incorrect handling of sandboxing in Microsoft Edge can be exploited remotely to escape from the AppContainer sandbox and gain privileges;
  9. Multiple vulnerabilities in the Chakra JavaScript engine can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as “safe for initialization” to execute arbitrary code;
  10. Improper handling of objects in memory in the JavaScript engine can be exploited remotely via specially designed websites and Microsoft documents or an embedded ActiveX control marked as “safe for initialization” to execute arbitrary code;
  11. Incorrect rendering of a domain-less page in the URL in Microsoft Edge can be exploited remotely by convincing a user to visit a specially designed webpage, to gain privileges, perform actions in the context of the Intranet Zone, and access some browser functions that are not available while browsing in the context of the Internet Zone.

Technical details

Vulnerability (1) allows insecure HTTP content to be loaded into secure HTTPS locations.

Vulnerabilities (9) in Chakra JavaScript Engine are related to rendering in Microsoft Edge.

To exploit the vulnerabilities described above via a specially designed webpage, a malicious user must first convince a user to visit it.

NB: This vulnerability has no public CVSS rating, so the rating may change over time.

Affected products

Microsoft Edge
Microsoft Internet Explorer versions 9 through 11

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2017-0266
CVE-2017-0241
CVE-2017-0240
CVE-2017-0238
CVE-2017-0236
CVE-2017-0235
CVE-2017-0234
CVE-2017-0233
CVE-2017-0231
CVE-2017-0230
CVE-2017-0229
CVE-2017-0228
CVE-2017-0227
CVE-2017-0226
CVE-2017-0224
CVE-2017-0222
CVE-2017-0221
CVE-2017-0064

Impacts
SUI
ACE
SB
PE
Related products
Microsoft Internet Explorer
Microsoft Edge
KB list

401973
401972
4016871
4019474
4018271
4019215
4019264