Description
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.
Below is a complete list of vulnerabilities:
- Multiple vulnerabilities related to an improper handling of objects in memory can be exploited remotely by convincing a user to visit a specially designed website to execute arbitrary code;
- Incorrect restrictions put on the way the information is returned to Microsoft Edge by JavaScript object methods can be exploited remotely by convincing a user to visit a specially designed website to obtain sensitive information;
- Multiple vulnerabilities related to an improper handling of objects in memory done by JavaScript scripting engines can be exploited remotely by convincing a user to visit a specially designed website, by embedding an ActiveX control marked “safe for initialization” in an application or via a Microsoft Office document which hosts the Edge rendering engine to execute arbitrary code;
- An incorrect handling of specific filtered response types done by the Fetch API in Microsoft Edge can be exploited remotely by convincing a user to visit a specially designed website to obtain sensitive information;
- An improper handling of objects in memory in Microsoft Internet Explorer can be exploited remotely by convincing a user to visit a specially designed website to execute arbitrary code;
- An incorrect check for scripts which attempt to manipulate HTML elements in other browser windows can be exploited remotely by convincing a user to visit a specially designed website or load a specially designed page to bypass security restrictions;
- An improper handling of objects in memory can be exploited remotely by convincing a user to visit a specially designed website to obtain sensitive information;
- An improper enforcement of same-origin policies in Microsoft Edge can be exploited remotely by convincing a user to visit a specially designed website or load a specially designed page to bypass security restrictions;
- An incorrect validation of documents done by the CSP (Content Security Policy) in Microsoft Edge can be exploited remotely by convincing a user to visit a specially designed website or load a specially designed page to bypass security restrictions.
Original advisories
- CVE-2017-8498
- CVE-2017-8499
- CVE-2017-8496
- CVE-2017-8497
- CVE-2017-8523
- CVE-2017-8530
- CVE-2017-8524
- CVE-2017-8522
- CVE-2017-8549
- CVE-2017-8517
- CVE-2017-8521
- CVE-2017-8504
- CVE-2017-8548
- CVE-2017-8519
- CVE-2017-8547
- CVE-2017-8555
- CVE-2017-8529
- CVE-2017-8496
- CVE-2017-8497
- CVE-2017-8498
- CVE-2017-8499
- CVE-2017-8504
- CVE-2017-8517
- CVE-2017-8519
- CVE-2017-8520
- CVE-2017-8521
- CVE-2017-8522
- CVE-2017-8523
- CVE-2017-8524
- CVE-2017-8529
- CVE-2017-8547
- CVE-2017-8548
- CVE-2017-8549
- CVE-2017-8555
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit.
CVE list
- CVE-2017-8496 critical
- CVE-2017-8497 critical
- CVE-2017-8498 warning
- CVE-2017-8499 critical
- CVE-2017-8504 warning
- CVE-2017-8517 critical
- CVE-2017-8519 critical
- CVE-2017-8520 critical
- CVE-2017-8521 critical
- CVE-2017-8522 critical
- CVE-2017-8523 warning
- CVE-2017-8524 critical
- CVE-2017-8529 high
- CVE-2017-8530 high
- CVE-2017-8547 critical
- CVE-2017-8548 critical
- CVE-2017-8549 critical
- CVE-2017-8555 warning
KB list
- 4038788
- 4038782
- 4038783
- 4038792
- 4038799
- 4038781
- 4038777
- 4022719
- 4022726
- 4022714
- 4021558
- 4022724
- 4022727
- 4022715
- 4022725
- 4036586