Multiple vulnerabilities in Microsoft Internet Explorer & Edge

Описание

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

1. Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code;
2. Lack of content type enforcement can be exploited remotely via a specially designed web content to gain privileges;
3. Lack of Address Space Layout Randomization enforcement can be exploited remotely via a specially designed web content to bypass security feature;
4. Improper HTTP responses parsing can be exploited remotely via a specially designed URL to spoof user interface;
5. Improper permissions validation can be exploited remotely via a specially designed web content to gain privileges;
6. Improper HTML disabling can be exploited remotely via a specially designed web content to inject arbitrary code;
7. Improper memory handling at VBScript can be exploited remotely via a specially designed web content to obtain sensitive information or execute arbitrary code.

---

Technical details

There some technical notes for vulnerability (3) you can read in MS15-124 listed in original advisories section.

Первичный источник обнаружения

• CVE-2015-6135
  CVE-2015-6136
  CVE-2015-6134
  CVE-2015-6140
  CVE-2015-6155
  CVE-2015-6083
  CVE-2015-6138
  CVE-2015-6169
  CVE-2015-6168
  CVE-2015-6176
  CVE-2015-6170
  CVE-2015-6153
  CVE-2015-6152
  CVE-2015-6151
  CVE-2015-6150
  CVE-2015-6149
  CVE-2015-6148
  CVE-2015-6147
  CVE-2015-6146
  CVE-2015-6145
  CVE-2015-6144
  CVE-2015-6142
  CVE-2015-6143
  CVE-2015-6162
  CVE-2015-6164
  CVE-2015-6160
  CVE-2015-6161
  CVE-2015-6154
  CVE-2015-6141
  CVE-2015-6156
  CVE-2015-6157
  CVE-2015-6158
  CVE-2015-6159
  CVE-2015-6139
  

Эксплуатация

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/40878

https://www.exploit-db.com/exploits/38972

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Internet-Explorer

Список CVE

• CVE-2015-6135
  critical
• CVE-2015-6136
  critical
• CVE-2015-6134
  critical
• CVE-2015-6140
  critical
• CVE-2015-6155
  critical
• CVE-2015-6083
  critical
• CVE-2015-6138
  warning
• CVE-2015-6169
  warning
• CVE-2015-6168
  critical
• CVE-2015-6176
  warning
• CVE-2015-6170
  high
• CVE-2015-6153
  critical
• CVE-2015-6152
  critical
• CVE-2015-6151
  critical
• CVE-2015-6150
  critical
• CVE-2015-6149
  critical
• CVE-2015-6148
  critical
• CVE-2015-6147
  critical
• CVE-2015-6146
  critical
• CVE-2015-6145
  critical
• CVE-2015-6144
  warning
• CVE-2015-6142
  critical
• CVE-2015-6143
  critical
• CVE-2015-6162
  critical
• CVE-2015-6164
  high
• CVE-2015-6160
  critical
• CVE-2015-6161
  warning
• CVE-2015-6154
  critical
• CVE-2015-6141
  critical
• CVE-2015-6156
  critical
• CVE-2015-6157
  warning
• CVE-2015-6158
  critical
• CVE-2015-6159
  critical
• CVE-2015-6139
  critical

Список KB

• 3116900
• 3116869
• 3105579
• 3105578
• 3104002
• 3116184
• 3116180

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com