Kaspersky Threats

Detect date

?

11/13/2018

Severity

?

Critical

Description

Multiple serious vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
An information disclosure vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to obtain sensitive information.
An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to gain privileges.
A spoofing vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to spoof user interface.
A memory corruption vulnerability in Windows Scripting Engine can be exploited remotely to obtain sensitive information.
A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.

Affected products

Microsoft Edge
ChakraCore
Internet Explorer 11
Internet Explorer 9
Internet Explorer 10

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8588
CVE-2018-8557
CVE-2018-8545
CVE-2018-8542
CVE-2018-8556
CVE-2018-8543
CVE-2018-8567
CVE-2018-8564
CVE-2018-8541
CVE-2018-8552
CVE-2018-8570
CVE-2018-8555
CVE-2018-8551

Impacts

?

ACE

[?]

OSI

[?]

PE

[?]

SUI

[?]

Detect date ?	11/13/2018
Severity ?	Critical
Description	Multiple serious vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to obtain sensitive information. An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to gain privileges. A spoofing vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to spoof user interface. A memory corruption vulnerability in Windows Scripting Engine can be exploited remotely to obtain sensitive information. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
Affected products	Microsoft Edge ChakraCore Internet Explorer 11 Internet Explorer 9 Internet Explorer 10
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2018-8588 CVE-2018-8557 CVE-2018-8545 CVE-2018-8542 CVE-2018-8556 CVE-2018-8543 CVE-2018-8567 CVE-2018-8564 CVE-2018-8541 CVE-2018-8552 CVE-2018-8570 CVE-2018-8555 CVE-2018-8551
Impacts ?	ACE [?] OSI [?] PE [?] SUI [?]
Related products	Microsoft Internet Explorer Microsoft Edge
CVE-IDS ?	CVE-2018-85887.6Critical CVE-2018-85577.6Critical CVE-2018-85454.3Warning CVE-2018-85427.6Critical CVE-2018-85567.6Critical CVE-2018-85437.6Critical CVE-2018-85675.8High CVE-2018-85644.3Warning CVE-2018-85417.6Critical CVE-2018-85527.6Critical CVE-2018-85707.6Critical CVE-2018-85557.6Critical CVE-2018-85517.6Critical
KB list	4467680 4467708 4467691 4467702 4467686 4467696 4467701 4467697 4466536 4467107
Microsoft official advisories	Microsoft Security Update Guide
Exploitation	Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA11353Multiple vulnerabilities in Microsoft Browser

KLA11353
Multiple vulnerabilities in Microsoft Browser