KLA10720
Multiple vulnerabilities in Microsoft Internet Explorer & Edge

Обновлено: 18/06/2020
Дата обнаружения
08/12/2015
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code;
  2. Lack of content type enforcement can be exploited remotely via a specially designed web content to gain privileges;
  3. Lack of Address Space Layout Randomization enforcement can be exploited remotely via a specially designed web content to bypass security feature;
  4. Improper HTTP responses parsing can be exploited remotely via a specially designed URL to spoof user interface;
  5. Improper permissions validation can be exploited remotely via a specially designed web content to gain privileges;
  6. Improper HTML disabling can be exploited remotely via a specially designed web content to inject arbitrary code;
  7. Improper memory handling at VBScript can be exploited remotely via a specially designed web content to obtain sensitive information or execute arbitrary code.

Technical details

There some technical notes for vulnerability (3) you can read in MS15-124 listed in original advisories section.

Пораженные продукты

Microsoft Internet Explorer versions 7 through 11
Microsoft Edge

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2015-6135
CVE-2015-6136
CVE-2015-6134
CVE-2015-6140
CVE-2015-6155
CVE-2015-6083
CVE-2015-6138
CVE-2015-6169
CVE-2015-6168
CVE-2015-6176
CVE-2015-6170
CVE-2015-6153
CVE-2015-6152
CVE-2015-6151
CVE-2015-6150
CVE-2015-6149
CVE-2015-6148
CVE-2015-6147
CVE-2015-6146
CVE-2015-6145
CVE-2015-6144
CVE-2015-6142
CVE-2015-6143
CVE-2015-6162
CVE-2015-6164
CVE-2015-6160
CVE-2015-6161
CVE-2015-6154
CVE-2015-6141
CVE-2015-6156
CVE-2015-6157
CVE-2015-6158
CVE-2015-6159
CVE-2015-6139
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

CI 
[?]

SB 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Internet Explorer
CVE-IDS
CVE-2015-61355.0Critical
CVE-2015-61369.3Critical
CVE-2015-61349.3Critical
CVE-2015-61409.3Critical
CVE-2015-61559.3Critical
CVE-2015-60839.3Critical
CVE-2015-61384.3Warning
CVE-2015-61694.3Warning
CVE-2015-61689.3Critical
CVE-2015-61764.3Warning
CVE-2015-61706.8High
CVE-2015-61539.3Critical
CVE-2015-61529.3Critical
CVE-2015-61519.3Critical
CVE-2015-61509.3Critical
CVE-2015-61499.3Critical
CVE-2015-61489.3Critical
CVE-2015-61479.3Critical
CVE-2015-61469.3Critical
CVE-2015-61459.3Critical
CVE-2015-61444.3Warning
CVE-2015-61429.3Critical
CVE-2015-61439.3Critical
CVE-2015-61629.3Critical
CVE-2015-61646.8High
CVE-2015-61609.3Critical
CVE-2015-61614.3Warning
CVE-2015-61549.3Critical
CVE-2015-61419.3Critical
CVE-2015-61569.3Critical
CVE-2015-61574.3Warning
CVE-2015-61589.3Critical
CVE-2015-61599.3Critical
CVE-2015-61399.3Critical