Description
Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code and spoof user interface.
Below is a complete list of vulnerabilities:
- An improper handling of redirect requests in Microsoft browsers can be exploited remotely via a specially designed website to bypass security restrictions;
- An improper access to objects in memory in Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code;
- An incorrect handling of objects in memory in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
- An incorrect applying of Same Origin Policy for HTML elements present in other browser windows in Microsoft Edge can be exploited remotely by convincing a user to load a page or visit a website to bypass security restrictions;
- An improper handling of objects in memory in Chakra JavaScript engine in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
- An improper parsing of HTTP content in Microsoft browsers can be exploited remotely by convincing the user to click a specially designed URL to spoof user interface;
- Multiple vulnerabilities related to incorrect handling of objects in memory in JavaScript engine in Microsoft browsers can be exploited remotely via a specially designed website, Microsoft Office document that hosts the browser rendering engine or embedded ActiveX control marked “safe for initialization” in an application to execute arbitrary code;
- Multiple vulnerabilities related to incorrect handling of objects in memory in VBScript engine in Microsoft Internet Explorer can be exploited remotely via a specially designed website, Microsoft office document that hosts the browser rendering engine or embedded ActiveX control marked “safe for initialization” in an application to execute arbitrary code.
Technical details
Vulnerability (7), (8) are related to rendering in JavaScript engines.
Original advisories
- CVE-2017-8619
- CVE-2017-8599
- CVE-2017-8598
- CVE-2017-8617
- CVE-2017-8603
- CVE-2017-8592
- CVE-2017-8601
- CVE-2017-8602
- CVE-2017-8607
- CVE-2017-8596
- CVE-2017-8595
- CVE-2017-8604
- CVE-2017-8609
- CVE-2017-8608
- CVE-2017-8605
- CVE-2017-8611
- CVE-2017-8606
- CVE-2017-8594
- CVE-2017-8610
- CVE-2017-8592
- CVE-2017-8594
- CVE-2017-8595
- CVE-2017-8596
- CVE-2017-8598
- CVE-2017-8599
- CVE-2017-8601
- CVE-2017-8602
- CVE-2017-8603
- CVE-2017-8604
- CVE-2017-8605
- CVE-2017-8606
- CVE-2017-8607
- CVE-2017-8608
- CVE-2017-8609
- CVE-2017-8610
- CVE-2017-8611
- CVE-2017-8617
- CVE-2017-8618
- CVE-2017-8619
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Internet-Explorer
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-VBScript-engine
- Microsoft-Windows-10
- Microsoft-Edge
CVE list
- CVE-2017-8592 warning
- CVE-2017-8594 critical
- CVE-2017-8595 critical
- CVE-2017-8596 critical
- CVE-2017-8598 critical
- CVE-2017-8599 warning
- CVE-2017-8601 critical
- CVE-2017-8602 warning
- CVE-2017-8603 critical
- CVE-2017-8604 critical
- CVE-2017-8605 critical
- CVE-2017-8606 critical
- CVE-2017-8607 critical
- CVE-2017-8608 critical
- CVE-2017-8609 critical
- CVE-2017-8610 critical
- CVE-2017-8611 warning
- CVE-2017-8617 critical
- CVE-2017-8618 critical
- CVE-2017-8619 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!