Kaspersky Threats

Detect date

?

09/08/2020

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
A memory corruption vulnerability in Internet Explorer Browser Helper Object (BHO) can be exploited remotely via specially crafted website to execute arbitrary code.
An elevation of privilege vulnerability in WinINet API can be exploited remotely via specially crafted website to gain privileges.
An elevation of privilege vulnerability in Windows Start-Up Application can be exploited remotely via specially crafted website to gain privileges.
A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.

Affected products

ChakraCore
Microsoft Edge (Chromium-based)
Internet Explorer 11
Microsoft Edge (EdgeHTML-based)
Internet Explorer 9

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-1057
CVE-2020-1172
CVE-2020-16884
CVE-2020-1180
CVE-2020-1012
CVE-2020-1506
CVE-2020-0878

Impacts

?

ACE

[?]

PE

[?]

Detect date ?	09/08/2020
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code. A memory corruption vulnerability in Internet Explorer Browser Helper Object (BHO) can be exploited remotely via specially crafted website to execute arbitrary code. An elevation of privilege vulnerability in WinINet API can be exploited remotely via specially crafted website to gain privileges. An elevation of privilege vulnerability in Windows Start-Up Application can be exploited remotely via specially crafted website to gain privileges. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
Affected products	ChakraCore Microsoft Edge (Chromium-based) Internet Explorer 11 Microsoft Edge (EdgeHTML-based) Internet Explorer 9
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2020-1057 CVE-2020-1172 CVE-2020-16884 CVE-2020-1180 CVE-2020-1012 CVE-2020-1506 CVE-2020-0878
Impacts ?	ACE [?] PE [?]
Related products	Microsoft Internet Explorer Microsoft Edge ChakraCore
CVE-IDS ?	CVE-2020-08785.1High CVE-2020-10579.3Critical CVE-2020-11727.6Critical CVE-2020-168846.8High CVE-2020-11807.6Critical CVE-2020-10126.8High CVE-2020-15066.8High
KB list	4571756 4577041 4570333 4577032 4577049 4577015 4577051 4577066 4574727 4577038 4577010
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA11954Multiple vulnerabilities in Microsoft Browsers

KLA11954
Multiple vulnerabilities in Microsoft Browsers