Multiple vulnerabilities in Microsoft Internet Explorer

Описание

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

1. Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code
2. Improper memory handling at VBScript and JScript engines can be exploited remotely via a specially designed web content or ActiveX control to execute arbitrary code;
3. Improper memory content disclosure can be exploited remotely via a specially designed web content to obtain sensitive information;
4. Improper Address Space Layout Randomization can be exploited remotely via a specially designed web content to bypass security restrictions.

---

Technical details

To mitigate vulnerability (2) access to VBScript.dll and JScript.dll can be restricted. For further details look at original advisory.

Первичный источник обнаружения

• CVE-2015-6064
  CVE-2015-6078
  CVE-2015-6088
  CVE-2015-6073
  CVE-2015-6087
  CVE-2015-6066
  CVE-2015-6068
  CVE-2015-6065
  CVE-2015-6071
  CVE-2015-6072
  CVE-2015-6069
  CVE-2015-6070
  CVE-2015-6074
  CVE-2015-6086
  CVE-2015-6077
  CVE-2015-6082
  CVE-2015-6081
  CVE-2015-6080
  CVE-2015-6079
  CVE-2015-6076
  CVE-2015-6075
  CVE-2015-2427
  CVE-2015-6089
  CVE-2015-6085
  CVE-2015-6084
  

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• Microsoft-Internet-Explorer

Список CVE

• CVE-2015-6064
  critical
• CVE-2015-6078
  critical
• CVE-2015-6088
  warning
• CVE-2015-6073
  critical
• CVE-2015-6087
  critical
• CVE-2015-6066
  critical
• CVE-2015-6068
  critical
• CVE-2015-6065
  critical
• CVE-2015-6071
  critical
• CVE-2015-6072
  critical
• CVE-2015-6069
  critical
• CVE-2015-6070
  critical
• CVE-2015-6074
  critical
• CVE-2015-6086
  warning
• CVE-2015-6077
  critical
• CVE-2015-6082
  critical
• CVE-2015-6081
  critical
• CVE-2015-6080
  critical
• CVE-2015-6079
  critical
• CVE-2015-6076
  critical
• CVE-2015-6075
  critical
• CVE-2015-2427
  critical
• CVE-2015-6089
  critical
• CVE-2015-6085
  critical
• CVE-2015-6084
  critical

Список KB

• 3105211
• 3105213
• 3104517
• 3100773

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com