KLA11331
Multiple vulnerabilities in Microsoft Browsers
Updated: 07/22/2020
Detect date
?
10/09/2018
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  2. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
  3. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to bypass security restrictions.
  4. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  5. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
Affected products

ChakraCore
Internet Explorer 11
Microsoft Edge (EdgeHTML-based)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8510
CVE-2018-8503
CVE-2018-8473
CVE-2018-8511
CVE-2018-8505
CVE-2018-8513
CVE-2018-8512
CVE-2018-8491
CVE-2018-8460
CVE-2018-8530
CVE-2018-8509
CVE-2018-8500

Impacts
?
ACE 
[?]

SB 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
?
CVE-2018-85000.0Unknown
CVE-2018-85100.0Unknown
CVE-2018-85030.0Unknown
CVE-2018-84730.0Unknown
CVE-2018-85110.0Unknown
CVE-2018-85050.0Unknown
CVE-2018-85130.0Unknown
CVE-2018-85120.0Unknown
CVE-2018-84910.0Unknown
CVE-2018-84600.0Unknown
CVE-2018-85300.0Unknown
CVE-2018-85090.0Unknown
KB list

4462917
4462918
4462923
4462919
4464330
4462937
4462922
4462926
4462949

Microsoft official advisories
Microsoft Security Update Guide