Multiple vulnerabilities in Microsoft Edge

Описание

Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code or bypass security features.

Below is a complete list of vulnerabilities

1. An improper HTTP responses parsing can be exploited remotely via a specially designed web site to spoof user interface;
2. An improper exceptions handling can be exploited remotely via a specially designed web site to bypass Address Space Layout Randomization;
3. An improper memory objects access can be exploited remotely via a specially designed web site to execute arbitrary code.

Первичный источник обнаружения

• CVE-2016-0060
  CVE-2016-0061
  CVE-2016-0062
  CVE-2016-0084
  CVE-2016-0080
  CVE-2016-0077
  

Связанные продукты

• Microsoft-Edge

Список CVE

• CVE-2016-0060
  critical
• CVE-2016-0061
  critical
• CVE-2016-0062
  critical
• CVE-2016-0084
  critical
• CVE-2016-0080
  warning
• CVE-2016-0077
  warning

Список KB

• 3135173
• 3135174
• 3134225

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com