Kaspersky Threats

Detect date

?

04/11/2017

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to to gain privileges, execute arbitrary code, bypass security restrictions and obtain sensitive information.

Below is a complete list of vulnerabilities:

An improper handling of objects in memory in Microsoft browsers can be exploited remotely via a specially designed website to execute arbitrary code;
An incorrect access to objects in memory in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
An improper handling of objects in memory in the JScript and VBScript engines in Internet Explorer can be exploited remotely via a specially crafted website to execute arbitrary code;
An incorrect access to objects in memory in Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code;
An improper validation of documents in Microsoft Edge Content Security Policy can be exploited remotely via certain specially designed documents to trick a user into loading a web page with malicious content;
An incorrect handling of objects in memory in the Chakra scripting engine can be exploited remotely via a specially designed website to obtain sensitive information;
An improper enforcing of cross-domain policies in Internet Explorer can be exploited remotely via a specially designed website to gain privileges.

Affected products

Microsoft Edge
Microsoft Internet Explorer versions 9 through 11

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2017-0205
CVE-2017-0203
CVE-2017-0202
CVE-2017-0201
CVE-2017-0200
CVE-2017-0093
CVE-2017-0208
CVE-2017-0210
CVE-2017-0093
CVE-2017-0200
CVE-2017-0201
CVE-2017-0202
CVE-2017-0203
CVE-2017-0205
CVE-2017-0208
CVE-2017-0210

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

PE

[?]

Detect date ?	04/11/2017
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to to gain privileges, execute arbitrary code, bypass security restrictions and obtain sensitive information. Below is a complete list of vulnerabilities: An improper handling of objects in memory in Microsoft browsers can be exploited remotely via a specially designed website to execute arbitrary code; An incorrect access to objects in memory in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code; An improper handling of objects in memory in the JScript and VBScript engines in Internet Explorer can be exploited remotely via a specially crafted website to execute arbitrary code; An incorrect access to objects in memory in Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code; An improper validation of documents in Microsoft Edge Content Security Policy can be exploited remotely via certain specially designed documents to trick a user into loading a web page with malicious content; An incorrect handling of objects in memory in the Chakra scripting engine can be exploited remotely via a specially designed website to obtain sensitive information; An improper enforcing of cross-domain policies in Internet Explorer can be exploited remotely via a specially designed website to gain privileges.
Affected products	Microsoft Edge Microsoft Internet Explorer versions 9 through 11
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2017-0205 CVE-2017-0203 CVE-2017-0202 CVE-2017-0201 CVE-2017-0200 CVE-2017-0093 CVE-2017-0208 CVE-2017-0210 CVE-2017-0093 CVE-2017-0200 CVE-2017-0201 CVE-2017-0202 CVE-2017-0203 CVE-2017-0205 CVE-2017-0208 CVE-2017-0210
Impacts ?	ACE [?] OSI [?] SB [?] PE [?]
Related products	Microsoft Internet Explorer Microsoft Edge
CVE-IDS ?	CVE-2017-00937.6Critical CVE-2017-02007.6Critical CVE-2017-02017.6Critical CVE-2017-02027.6Critical CVE-2017-02034.3Warning CVE-2017-02057.6Critical CVE-2017-02084.3Warning CVE-2017-02104.3Warning
Microsoft official advisories	Microsoft Security Update Guide
KB list	4015549 4015550 4015221 4014661 4015551 4015219 4015217 4015583
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/41941
	Find out the statistics of the vulnerabilities spreading in your region

KLA11058Multiple vulnerabilities in Microsoft Edge and Internet Explorer

KLA11058
Multiple vulnerabilities in Microsoft Edge and Internet Explorer