KLA10885
Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information or gain privileges.

Below is a complete list of vulnerabilities

1. An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code;
2. An improper memory objects handling at Chakra JavaScript engine can be exploited remotely via a specially designed content to execute arbitrary code;
3. An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information;
4. Lack of credential data storage restrictions can be exploited locally via harvesting memory dump to obtain sensitive information;
5. Lack of private namespace security restrictions can be exploited remotely to gain privileges;
6. An improper validation can be exploited remotely via a specially designed content to bypass security restrictions.

Microsoft Internet Explorer versions 9 through 11
Microsoft Edge

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

3192441
3194798
3192440
3185331
3185330
3185332
3192393
3192392
3192391

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/40606

https://www.exploit-db.com/exploits/40607