KLA11771
Multiple vulnerabilities in Microsoft Internet Explorer and Edge
Updated: 06/18/2020
Detect date
?
05/12/2020
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in MSHTML Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  2. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  3. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  4. An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to gain privileges.
  5. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
  6. A remote code execution vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to execute arbitrary code.
  7. A spoofing vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to spoof user interface.
  8. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Internet Explorer 11
ChakraCore
Microsoft Edge (EdgeHTML-based)
Internet Explorer 9

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-1064
CVE-2020-1065
CVE-2020-1062
CVE-2020-1056
CVE-2020-1060
CVE-2020-1096
CVE-2020-1059
CVE-2020-1058
CVE-2020-1093
CVE-2020-1092
CVE-2020-1035
CVE-2020-1037

Impacts
?
ACE 
[?]

PE 
[?]

SUI 
[?]
Related products
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
?
CVE-2020-10640.0Unknown
CVE-2020-10650.0Unknown
CVE-2020-10620.0Unknown
CVE-2020-10560.0Unknown
CVE-2020-10600.0Unknown
CVE-2020-10960.0Unknown
CVE-2020-10590.0Unknown
CVE-2020-10580.0Unknown
CVE-2020-10930.0Unknown
CVE-2020-10920.0Unknown
CVE-2020-10350.0Unknown
CVE-2020-10370.0Unknown
KB list

4556799
4556846
4556798
4556840
4556826
4556813
4556812
4551853
4556836
4556807

Microsoft official advisories
Microsoft Security Update Guide