Kaspersky Threats

Detect date

?

06/11/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted to bypass security restrictions.
An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Internet Explorer 11
Microsoft Edge
Internet Explorer 10
Internet Explorer 9
ChakraCore

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1081
CVE-2019-1051
CVE-2019-1054
CVE-2019-0993
CVE-2019-1024
CVE-2019-0989
CVE-2019-0990
CVE-2019-1038
CVE-2019-1002
CVE-2019-1005
CVE-2019-1055
CVE-2019-0991
CVE-2019-1023
CVE-2019-1080
CVE-2019-0992
CVE-2019-1003
CVE-2019-0988
CVE-2019-1052
CVE-2019-0920

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

Detect date ?	06/11/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted to bypass security restrictions. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Internet Explorer 11 Microsoft Edge Internet Explorer 10 Internet Explorer 9 ChakraCore
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2019-1081 CVE-2019-1051 CVE-2019-1054 CVE-2019-0993 CVE-2019-1024 CVE-2019-0989 CVE-2019-0990 CVE-2019-1038 CVE-2019-1002 CVE-2019-1005 CVE-2019-1055 CVE-2019-0991 CVE-2019-1023 CVE-2019-1080 CVE-2019-0992 CVE-2019-1003 CVE-2019-0988 CVE-2019-1052 CVE-2019-0920
Impacts ?	ACE [?] OSI [?] SB [?]
Related products	Microsoft Internet Explorer Microsoft Edge
CVE-IDS ?	CVE-2019-10814.3Warning CVE-2019-10517.6Critical CVE-2019-10545.1High CVE-2019-09937.6Critical CVE-2019-10247.6Critical CVE-2019-09897.6Critical CVE-2019-09904.3Warning CVE-2019-10387.6Critical CVE-2019-10027.6Critical CVE-2019-10057.6Critical CVE-2019-10557.6Critical CVE-2019-09917.6Critical CVE-2019-10234.3Warning CVE-2019-10807.6Critical CVE-2019-09927.6Critical CVE-2019-10037.6Critical CVE-2019-09887.6Critical CVE-2019-10527.6Critical CVE-2019-09207.6Critical
KB list	4503293 4503327 4503286 4503284 4503285 4503276 4503292 4503267 4503291 4503279 4503259 4512497
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA11500Multiple vulnerabilities in Microsoft Browsers

KLA11500
Multiple vulnerabilities in Microsoft Browsers