Searching
..

Click anywhere to stop

KLA11222
Multiple vulnerabilities in Microsoft Browsers

Updated: 01/22/2024
Detect date
?
04/10/2018
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.
  2. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  3. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  4. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
  5. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.
  6. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  7. An information disclosure vulnerability in Microsoft Edge can be exploited remotely via specially crafted to obtain sensitive information.
  8. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
  9. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.
Affected products

Microsoft Edge (EdgeHTML-based)
Internet Explorer 9
Internet Explorer 10
ChakraCore
Internet Explorer 11

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-0981
CVE-2018-0994
CVE-2018-0997
CVE-2018-0990
CVE-2018-1023
CVE-2018-1000
CVE-2018-0892
CVE-2018-1001
CVE-2018-1019
CVE-2018-1018
CVE-2018-0998
CVE-2018-1020
CVE-2018-0988
CVE-2018-0979
CVE-2018-0980
CVE-2018-0987
CVE-2018-0995
CVE-2018-0989
CVE-2018-0870
CVE-2018-0991
CVE-2018-0993
CVE-2018-0996

Impacts
?
ACE 
[?]

OSI 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
?
CVE-2018-09812.6Warning
CVE-2018-09947.6Critical
CVE-2018-09977.6Critical
CVE-2018-09907.6Critical
CVE-2018-10237.6Critical
CVE-2018-10002.6Warning
CVE-2018-08924.3Warning
CVE-2018-10017.6Critical
CVE-2018-10197.6Critical
CVE-2018-10187.6Critical
CVE-2018-09984.3Warning
CVE-2018-10207.6Critical
CVE-2018-09887.6Critical
CVE-2018-09797.6Critical
CVE-2018-09807.6Critical
CVE-2018-09874.3Warning
CVE-2018-09957.6Critical
CVE-2018-09894.3Warning
CVE-2018-08707.6Critical
CVE-2018-09917.6Critical
CVE-2018-09937.6Critical
CVE-2018-09967.6Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

4093112
4093114
4093111
4093107
4093109
4093119
4093118
4093123
4092946

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Find out the statistics of the vulnerabilities spreading in your region