Kaspersky Threats

Detect date

?

02/11/2020

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to gain privileges.
A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Internet Explorer 10
ChakraCore
Microsoft Edge (EdgeHTML-based)
Internet Explorer 9
Internet Explorer 11

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-0663
CVE-2020-0767
CVE-2020-0706
CVE-2020-0713
CVE-2020-0712
CVE-2020-0711
CVE-2020-0710
CVE-2020-0674
CVE-2020-0673

Impacts

?

ACE

[?]

OSI

[?]

PE

[?]

Detect date ?	02/11/2020
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to gain privileges. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Internet Explorer 10 ChakraCore Microsoft Edge (EdgeHTML-based) Internet Explorer 9 Internet Explorer 11
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2020-0663 CVE-2020-0767 CVE-2020-0706 CVE-2020-0713 CVE-2020-0712 CVE-2020-0711 CVE-2020-0710 CVE-2020-0674 CVE-2020-0673
Impacts ?	ACE [?] OSI [?] PE [?]
Related products	Microsoft Internet Explorer Microsoft Edge ChakraCore
CVE-IDS ?	CVE-2020-06634.0Warning CVE-2020-07677.6Critical CVE-2020-07064.3Warning CVE-2020-07137.6Critical CVE-2020-07127.6Critical CVE-2020-07117.6Critical CVE-2020-07107.6Critical CVE-2020-06747.6Critical CVE-2020-06737.6Critical
KB list	4537820 4537821 4537776 4532693 4532691 4537762 4537764 4537789 4537814 4537767
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA11667Multiple vulnerabilities in Microsoft Browser

KLA11667
Multiple vulnerabilities in Microsoft Browser