KLA11199
Multiple vulnerabilities in Microsoft Edge and Internet Explorer
Updated: 12/04/2018
CVSS
?
9.3
Detect date
?
02/13/2018
Severity
?
High
Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information and execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Improper objects handling vulnerabilities can be exploited remotely via specially crafted website to obtain sensitive information;
  2. An improper requests handling vulnerability can be exploited remotely via specially crafted website to bypass security restrictions;
  3. Memory corruption vulnerabilities in the scripting engine can be exploited remotely via specially crafted website to execute arbitrary code.

Technical details

Vulnerabilities (1) and (2) affects only Microsoft Edge

Affected products

Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-0763
CVE-2018-0771
CVE-2018-0834
CVE-2018-0835
CVE-2018-0836
CVE-2018-0837
CVE-2018-0838
CVE-2018-0839
CVE-2018-0840
CVE-2018-0856
CVE-2018-0857
CVE-2018-0859
CVE-2018-0860
CVE-2018-0861
CVE-2018-0866

Impacts
?
ACE 
[?]

OSI 
[?]

SB 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
?

CVE-2018-0763
CVE-2018-0771
CVE-2018-0834
CVE-2018-0835
CVE-2018-0836
CVE-2018-0837
CVE-2018-0838
CVE-2018-0839
CVE-2018-0840
CVE-2018-0856
CVE-2018-0857
CVE-2018-0859
CVE-2018-0860
CVE-2018-0861
CVE-2018-0866

Microsoft official advisories
Microsoft Security Update Guide
KB list

4074591
4074590
4088776
4074598
4074594
4074593
4074596
4074592
4074588
4074736