Kaspersky Threats

KLA11199
Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Updated: 01/04/2019

Detect date ?	02/13/2018
Severity ?	High
Description	Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities: Improper objects handling vulnerabilities can be exploited remotely via specially crafted website to obtain sensitive information; An improper requests handling vulnerability can be exploited remotely via specially crafted website to bypass security restrictions; Memory corruption vulnerabilities in the scripting engine can be exploited remotely via specially crafted website to execute arbitrary code. Technical details Vulnerabilities (1) and (2) affects only Microsoft Edge
Affected products	Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Edge
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2018-0763 CVE-2018-0771 CVE-2018-0834 CVE-2018-0835 CVE-2018-0836 CVE-2018-0837 CVE-2018-0838 CVE-2018-0839 CVE-2018-0840 CVE-2018-0856 CVE-2018-0857 CVE-2018-0859 CVE-2018-0860 CVE-2018-0861 CVE-2018-0866
Impacts ?	ACE [?] OSI [?] SB [?]
Related products	Microsoft Internet Explorer Microsoft Edge
CVE-IDS ?	CVE-2018-0763 CVE-2018-0771 CVE-2018-0834 CVE-2018-0835 CVE-2018-0836 CVE-2018-0837 CVE-2018-0838 CVE-2018-0839 CVE-2018-0840 CVE-2018-0856 CVE-2018-0857 CVE-2018-0859 CVE-2018-0860 CVE-2018-0861 CVE-2018-0866
Microsoft official advisories	Microsoft Security Update Guide
KB list	4074591 4074590 4088776 4074598 4074594 4074593 4074596 4074592 4074588 4074736