KLA11265
Multiple vulnerabilities in Microsoft Internet Explorer & Edge
Updated: 11/06/2018
CVSS
?
7.5
Detect date
?
06/12/2018
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An incorrect file marking mechanism in Microsoft Edge can be exploited remotely via a specially designed website to obtain sensitive information;
  2. An improper handling of objects in memory in Microsoft Internet explorer can be exploited remotely via a specially designed website to execute arbitrary code;
  3. Multiple incorrect handling of objects in memory vulnerabilities in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
  4. A security bypass vulnerability in Internet Explorer  can be exploited remotely via a specially designed website to bypass security restrictions;
  5. Memory corruption vulnerability in ChakraCore component of Microsoft Edge scripting engine can be exploited remotely via unspecified attack vector to execute arbitrary code;
  6. Multiple incorrect handling of objects in memory vulnerabilities in Microsoft Edge can be exploited remotely via a specially designed website to obtain sensitive information;
  7. An incorrect handling of requests in Microsoft Edge can be exploited remotely via a specially designed website to bypass security restrictions.

Technical details

Vulnerability (4) allows to bypass Mark of the Web Tagging (MOTW).

Affected products

Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Microsoft Edge

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8227
CVE-2018-8229
CVE-2018-8236
CVE-2018-8113
CVE-2018-8234
CVE-2018-8249
CVE-2018-8110
CVE-2018-8235
CVE-2018-8267
CVE-2018-0871
CVE-2018-8111
CVE-2018-0978

Impacts
?
ACE 
[?]

OSI 
[?]

SB 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
?

CVE-2018-8227
CVE-2018-8229
CVE-2018-8236
CVE-2018-8113
CVE-2018-8234
CVE-2018-8249
CVE-2018-8110
CVE-2018-8235
CVE-2018-8267
CVE-2018-0871
CVE-2018-8111
CVE-2018-0978

Microsoft official advisories
Microsoft Security Update Guide
KB list

4284860
4284874
4284826
4284835
4284880
4284819
4230450
4284855
4284815