KLA11681
Multiple vulnerabilities in Microsoft Browser
Updated: 06/18/2020
Detect date
?
03/10/2020
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  2. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  3. An information disclosure vulnerability in Scripting Engine can be exploited remotely to obtain sensitive information.
  4. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
  5. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  6. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  7. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  8. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Internet Explorer 11
Internet Explorer 9
Microsoft Edge (EdgeHTML-based)
ChakraCore

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-0829
CVE-2020-0811
CVE-2020-0812
CVE-2020-0813
CVE-2020-0816
CVE-2020-0828
CVE-2020-0832
CVE-2020-0833
CVE-2020-0830
CVE-2020-0831
CVE-2020-0825
CVE-2020-0824
CVE-2020-0768
CVE-2020-0826
CVE-2020-0847
CVE-2020-0827
CVE-2020-0848
CVE-2020-0823

Impacts
?
ACE 
[?]

OSI 
[?]
Related products
Microsoft Internet Explorer
Microsoft VBScript engine
Microsoft Edge
CVE-IDS
?
CVE-2020-08290.0Unknown
CVE-2020-08110.0Unknown
CVE-2020-08120.0Unknown
CVE-2020-08130.0Unknown
CVE-2020-08160.0Unknown
CVE-2020-08280.0Unknown
CVE-2020-08320.0Unknown
CVE-2020-08330.0Unknown
CVE-2020-08300.0Unknown
CVE-2020-08310.0Unknown
CVE-2020-08250.0Unknown
CVE-2020-08240.0Unknown
CVE-2020-07680.0Unknown
CVE-2020-08260.0Unknown
CVE-2020-08470.0Unknown
CVE-2020-08270.0Unknown
CVE-2020-08480.0Unknown
CVE-2020-08230.0Unknown
KB list

4538461
4541510
4540689
4541509
4540681
4540693
4540673
4540670
4540671
4540688

Microsoft official advisories
Microsoft Security Update Guide