KLA10740
Multiple vulnerabilities in Microsoft Internet Explorer and Edge
Обновлено: 17/06/2019
Дата обнаружения
12/01/2016
Уровень угрозы
High
Описание

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

  1. Improper memory objects handling at VBScript engine can be exploited remotely via a specially designed web content to execute arbitrary code;
  2. Lack of cross-domain policies enforcement can be exploited remotely via a specially designed web content to gain privileges;
  3. Improper memory objects handling can be exploited remotely via a specially designed web content to execute arbitrary code;
  4. Improper memory objects handling at Chakra JavaScript can be exploited remotely via a specially designed web content to execute arbitrary code.

Technical details

To mitigate vulnerability (1) you can restrict access to VBScript.dll

Пораженные продукты

Microsoft Internet Explorer versions from 7 through 11
Microsoft Edge

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2016-0002
CVE-2016-0024
CVE-2016-0005
CVE-2016-0003
Оказываемое влияние
?
ACE 
[?]

PE 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
CVE-2016-00027.6Critical
CVE-2016-00249.3Critical
CVE-2016-00054.3Warning
CVE-2016-00039.3Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

3124266
3124263
3124275
3124624
3124903
3124904
3124621