Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Описание

Multiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or obtain sensitive information.

Below is a complete list of vulnerabilities

1. An improper memory objects access can be exploited remotely via a specially designed content to execute arbitrary code;
2. Lack of sandbox restrictions can be exploited remotely to gain privileges;
3. An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information;
4. An improper cross-origin requests handling can be exploited via a specially designed content to obtain sensitive information;
5. An improper files handling can be exploited via a specially designed content to bypass security restrictions.

Первичный источник обнаружения

• CVE-2016-3247
  CVE-2016-3291
  CVE-2016-3292
  CVE-2016-3294
  CVE-2016-3295
  CVE-2016-3370
  CVE-2016-3374
  CVE-2016-3324
  CVE-2016-3375
  CVE-2016-3330
  CVE-2016-3325
  CVE-2016-3297
  CVE-2016-3350
  CVE-2016-3351
  CVE-2016-3353
  CVE-2016-3377
  

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Edge

Список CVE

• CVE-2016-3247
  high
• CVE-2016-3291
  warning
• CVE-2016-3292
  high
• CVE-2016-3294
  critical
• CVE-2016-3295
  high
• CVE-2016-3370
  warning
• CVE-2016-3374
  warning
• CVE-2016-3324
  high
• CVE-2016-3375
  critical
• CVE-2016-3330
  critical
• CVE-2016-3325
  warning
• CVE-2016-3297
  high
• CVE-2016-3350
  critical
• CVE-2016-3351
  warning
• CVE-2016-3353
  high
• CVE-2016-3377
  critical

Список KB

• 3185611
• 3185614
• 3189866
• 3185319

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com