Kaspersky Threats

Detect date

?

09/11/2018

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
An information disclosure vulnerability in Microsoft Scripting Engine can be exploited remotely to obtain sensitive information.
A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely to gain privileges.
An information disclosure vulnerability in Microsoft Edge can be exploited remotely to obtain sensitive information.
A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions.
A remote code execution vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to execute arbitrary code.
A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
A spoofing vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to spoof user interface.

Affected products

Internet Explorer 11
ChakraCore
Internet Explorer 10
Internet Explorer 9
Microsoft Edge (EdgeHTML-based)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8466
CVE-2018-8315
CVE-2018-8459
CVE-2018-8367
CVE-2018-8354
CVE-2018-8452
CVE-2018-8456
CVE-2018-8465
CVE-2018-8467
CVE-2018-8469
CVE-2018-8366
CVE-2018-8470
CVE-2018-8464
CVE-2018-8447
CVE-2018-8425
CVE-2018-8457
CVE-2018-8463
CVE-2018-8461
CVE-2018-8391

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

PE

[?]

SUI

[?]

Detect date ?	09/11/2018
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Microsoft Scripting Engine can be exploited remotely to obtain sensitive information. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information. An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely to gain privileges. An information disclosure vulnerability in Microsoft Edge can be exploited remotely to obtain sensitive information. A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions. A remote code execution vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to execute arbitrary code. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code. A spoofing vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to spoof user interface.
Affected products	Internet Explorer 11 ChakraCore Internet Explorer 10 Internet Explorer 9 Microsoft Edge (EdgeHTML-based)
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2018-8466 CVE-2018-8315 CVE-2018-8459 CVE-2018-8367 CVE-2018-8354 CVE-2018-8452 CVE-2018-8456 CVE-2018-8465 CVE-2018-8467 CVE-2018-8469 CVE-2018-8366 CVE-2018-8470 CVE-2018-8464 CVE-2018-8447 CVE-2018-8425 CVE-2018-8457 CVE-2018-8463 CVE-2018-8461 CVE-2018-8391
Impacts ?	ACE [?] OSI [?] SB [?] PE [?] SUI [?]
Related products	Microsoft Internet Explorer Microsoft Edge ChakraCore
CVE-IDS ?	CVE-2018-83917.6Critical CVE-2018-84667.6Critical CVE-2018-83154.0Warning CVE-2018-84597.6Critical CVE-2018-83677.6Critical CVE-2018-83547.6Critical CVE-2018-84524.3Warning CVE-2018-84567.6Critical CVE-2018-84657.6Critical CVE-2018-84677.6Critical CVE-2018-84694.3Warning CVE-2018-83662.6Warning CVE-2018-84704.3Warning CVE-2018-84649.3Critical CVE-2018-84477.6Critical CVE-2018-84254.3Warning CVE-2018-84577.6Critical CVE-2018-84634.3Warning CVE-2018-84617.6Critical
KB list	4457128 4457131 4457132 4457142 4457138 4457129 4457144 4457135 4457426
Microsoft official advisories	Microsoft Security Update Guide
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/45571 https://www.exploit-db.com/exploits/45572 https://www.exploit-db.com/exploits/45502 https://www.exploit-db.com/exploits/45502
	Find out the statistics of the vulnerabilities spreading in your region

KLA11318Multiple vulnerabilities in Microsoft Browsers

KLA11318
Multiple vulnerabilities in Microsoft Browsers