Multiple vulnerabilities in Microsoft Internet Explorer and Edge

Description

Multiple vulnerabilities were found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.

Below is a complete list of vulnerabilities:

1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
2. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
3. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.
4. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
5. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
6. An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information.
7. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to obtain sensitive information.
8. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.
9. An elevation of privilege vulnerability in Internet Explorer can be exploited remotely via IMPORTANTTHING to gain privileges.
10. A memory corruption vulnerability in Scripting Engine can be exploited remotely via IMPORTANTTHING to execute arbitrary code.

Original advisories

• CVE-2018-0872

• CVE-2018-0873
• CVE-2018-0874
• CVE-2018-0876
• CVE-2018-0879
• CVE-2018-0889
• CVE-2018-0891
• CVE-2018-0893
• CVE-2018-0927
• CVE-2018-0929
• CVE-2018-0930
• CVE-2018-0931
• CVE-2018-0932
• CVE-2018-0933
• CVE-2018-0934
• CVE-2018-0935
• CVE-2018-0936
• CVE-2018-0937
• CVE-2018-0939
• CVE-2018-0942
• CVE-2018-0925

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Internet-Explorer
• Microsoft-Edge
• ChakraCore

CVE list

• CVE-2018-0872
  critical
• CVE-2018-0873
  critical
• CVE-2018-0874
  critical
• CVE-2018-0876
  critical
• CVE-2018-0879
  warning
• CVE-2018-0889
  critical
• CVE-2018-0891
  warning
• CVE-2018-0893
  critical
• CVE-2018-0927
  warning
• CVE-2018-0929
  warning
• CVE-2018-0930
  critical
• CVE-2018-0931
  critical
• CVE-2018-0932
  warning
• CVE-2018-0933
  critical
• CVE-2018-0934
  critical
• CVE-2018-0935
  critical
• CVE-2018-0936
  critical
• CVE-2018-0937
  critical
• CVE-2018-0939
  warning
• CVE-2018-0942
  warning
• CVE-2018-0925
  critical

KB list

• 4088782
• 4088787
• 4088786
• 4088779
• 4089187
• 4088877
• 4088875
• 4088776
• 4088876
• 4096040

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com