Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Описание

Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to bypass security restrictions, perform privilege escalation, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

1. An improper validation at Content Security Policy can be exploited remotely via a specially designed content to bypass security restrictions;
2. An improper memory objects handling at Chakra JavaScript engine can be exploited remotely via a specially designed content to execute arbitrary code;
3. An improper PDF parsing can be exploited remotely via a specially designed pdf document to obtain sensitive information or execute arbitrary code;
4. A vulnerability in Web Proxy Auto Discovery (WPAD) protocol can be exploited remotely to bypass security restrictions and perform privilege escalation;
5. A vulnerability in XSS Filter can be exploited remotely to perform a universal cross-site scripting attack;
6. Internet Explorer Memory Corruption Vulnerability can be exploited remotely via a specially designed content to execute arbitrary code and perform privilege escalation;
7. Scripting Engine Memory Corruption Vulnerability can be exploited remotely via a specially designed content to execute arbitrary code and perform privilege escalation;

Первичный источник обнаружения

• CVE-2016-3207
  CVE-2016-3206
  CVE-2016-3205
  CVE-2016-3215
  CVE-2016-3214
  CVE-2016-3213
  CVE-2016-3212
  CVE-2016-3211
  CVE-2016-3210
  CVE-2016-3203
  CVE-2016-3202
  CVE-2016-3201
  CVE-2016-3199
  CVE-2016-3198
  CVE-2016-0199
  CVE-2016-0200
  CVE-2016-3222
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Edge

Список CVE

• CVE-2016-3207
  critical
• CVE-2016-3206
  critical
• CVE-2016-3205
  critical
• CVE-2016-3215
  warning
• CVE-2016-3214
  critical
• CVE-2016-3213
  critical
• CVE-2016-3212
  warning
• CVE-2016-3211
  critical
• CVE-2016-3210
  critical
• CVE-2016-3203
  critical
• CVE-2016-3202
  critical
• CVE-2016-3201
  warning
• CVE-2016-3199
  critical
• CVE-2016-3198
  warning
• CVE-2016-0199
  critical
• CVE-2016-0200
  critical
• CVE-2016-3222
  critical

Список KB

• 3163017
• 3163018
• 3160005

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com