KLA11578
Multiple vulnerabilities in Microsoft Browsers

Updated: 07/22/2020
Detect date
?
10/08/2019
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.
  2. A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface.
  3. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
  4. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  5. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
Affected products

ChakraCore
Internet Explorer 10
Microsoft Edge (EdgeHTML-based)
Internet Explorer 11
Internet Explorer 9

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1356
CVE-2019-1357
CVE-2019-1239
CVE-2019-1366
CVE-2019-1308
CVE-2019-1371
CVE-2019-1238
CVE-2019-1307
CVE-2019-1335
CVE-2019-0608

Impacts
?
ACE 
[?]

OSI 
[?]

SUI 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
?
CVE-2019-13660.0Unknown
CVE-2019-13080.0Unknown
CVE-2019-13070.0Unknown
CVE-2019-13350.0Unknown
CVE-2019-13560.0Unknown
CVE-2019-13570.0Unknown
CVE-2019-12390.0Unknown
CVE-2019-13710.0Unknown
CVE-2019-12380.0Unknown
CVE-2019-06080.0Unknown
KB list

4520010
4520008
4520007
4519998
4520005
4517389
4519338
4520011
4520004
4519976
4519974

Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region