Kaspersky Threats

Detect date

?

07/09/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.

Affected products

ChakraCore
Microsoft Edge
Internet Explorer 11
Internet Explorer 10
Internet Explorer 9

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1001
CVE-2019-1107
CVE-2019-1063
CVE-2019-1106
CVE-2019-1104
CVE-2019-1062
CVE-2019-1059
CVE-2019-1092
CVE-2019-1103
CVE-2019-1004
CVE-2019-1056

Impacts

?

ACE

[?]

Detect date ?	07/09/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
Affected products	ChakraCore Microsoft Edge Internet Explorer 11 Internet Explorer 10 Internet Explorer 9
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2019-1001 CVE-2019-1107 CVE-2019-1063 CVE-2019-1106 CVE-2019-1104 CVE-2019-1062 CVE-2019-1059 CVE-2019-1092 CVE-2019-1103 CVE-2019-1004 CVE-2019-1056
Impacts ?	ACE [?]
Related products	Microsoft Internet Explorer Microsoft Edge ChakraCore
CVE-IDS ?	CVE-2019-10017.6Critical CVE-2019-11077.6Critical CVE-2019-11067.6Critical CVE-2019-10627.6Critical CVE-2019-10927.6Critical CVE-2019-11037.6Critical CVE-2019-10637.6Critical CVE-2019-11047.6Critical CVE-2019-10597.6Critical CVE-2019-10047.6Critical CVE-2019-10567.6Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	4507460 4507448 4507453 4507469 4507435 4507462 4507449 4507455 4507458 4507450 4507434
	Find out the statistics of the vulnerabilities spreading in your region

KLA11514Multiple vulnerabilities in Microsoft Browsers

KLA11514
Multiple vulnerabilities in Microsoft Browsers