Kaspersky Threats

Detect date

?

10/08/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.
A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface.
A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.

Affected products

ChakraCore
Internet Explorer 10
Microsoft Edge (EdgeHTML-based)
Internet Explorer 11
Internet Explorer 9

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1356
CVE-2019-1357
CVE-2019-1239
CVE-2019-1366
CVE-2019-1308
CVE-2019-1371
CVE-2019-1238
CVE-2019-1307
CVE-2019-1335
CVE-2019-0608

Impacts

?

ACE

[?]

OSI

[?]

SUI

[?]

Detect date ?	10/08/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information. A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
Affected products	ChakraCore Internet Explorer 10 Microsoft Edge (EdgeHTML-based) Internet Explorer 11 Internet Explorer 9
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2019-1356 CVE-2019-1357 CVE-2019-1239 CVE-2019-1366 CVE-2019-1308 CVE-2019-1371 CVE-2019-1238 CVE-2019-1307 CVE-2019-1335 CVE-2019-0608
Impacts ?	ACE [?] OSI [?] SUI [?]
Related products	Microsoft Internet Explorer Microsoft Edge ChakraCore
CVE-IDS ?	CVE-2019-13667.6Critical CVE-2019-13087.6Critical CVE-2019-13077.6Critical CVE-2019-13357.6Critical CVE-2019-13564.3Warning CVE-2019-13574.3Warning CVE-2019-12397.6Critical CVE-2019-13717.6Critical CVE-2019-12387.1High CVE-2019-06084.3Warning
KB list	4520010 4520008 4520007 4519998 4520005 4517389 4519338 4520011 4520004 4519976 4519974
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA11578Multiple vulnerabilities in Microsoft Browsers

KLA11578
Multiple vulnerabilities in Microsoft Browsers