KLA11578
Multiple vulnerabilities in Microsoft Browsers
Updated: 10/11/2019
Detect date
?
10/08/2019
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.
  2. A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface.
  3. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
  4. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  5. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
Affected products

ChakraCore
Internet Explorer 10
Microsoft Edge (EdgeHTML-based)
Internet Explorer 11
Internet Explorer 9

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1356
CVE-2019-1357
CVE-2019-1239
CVE-2019-1366
CVE-2019-1308
CVE-2019-1371
CVE-2019-1238
CVE-2019-1307
CVE-2019-1335
CVE-2019-0608

Impacts
?
ACE 
[?]

OSI 
[?]

SUI 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
?
CVE-2019-13660.0Unknown
CVE-2019-13080.0Unknown
CVE-2019-13070.0Unknown
CVE-2019-13350.0Unknown
CVE-2019-13560.0Unknown
CVE-2019-13570.0Unknown
CVE-2019-12390.0Unknown
CVE-2019-13710.0Unknown
CVE-2019-12380.0Unknown
CVE-2019-06080.0Unknown
KB list

4520010
4520008
4520007
4519998
4520005
4517389
4520002
4519338
4520011
4520004
4519976
4519974

Microsoft official advisories
Microsoft Security Update Guide