KLA10755
Multiple vulnerabilities in Microsoft Edge
Обновлено: 17/06/2019
Дата обнаружения
09/02/2016
Уровень угрозы
High
Описание

Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code or bypass security features.

Below is a complete list of vulnerabilities

  1. An improper HTTP responses parsing can be exploited remotely via a specially designed web site to spoof user interface;
  2. An improper exceptions handling can be exploited remotely via a specially designed web site to bypass Address Space Layout Randomization;
  3. An improper memory objects access can be exploited remotely via a specially designed web site to execute arbitrary code.
Пораженные продукты

Microsoft Edge

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2016-0060
CVE-2016-0061
CVE-2016-0062
CVE-2016-0084
CVE-2016-0080
CVE-2016-0077
Оказываемое влияние
?
ACE 
[?]

SB 
[?]

SUI 
[?]
Связанные продукты
Microsoft Edge
CVE-IDS
CVE-2016-00609.3Critical
CVE-2016-00619.3Critical
CVE-2016-00629.3Critical
CVE-2016-00849.3Critical
CVE-2016-00804.3Warning
CVE-2016-00774.3Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

3135173
3135174
3134225