Описание
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, spoof user interface.
Below is a complete list of vulnerabilities:
- An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
- A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to bypass security restrictions.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.
- A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface.
- A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to execute arbitrary code.
- A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
- A remote code execution vulnerability in Windows PDF can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information.
- An elevation of privilege vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information.
Первичный источник обнаружения
- CVE-2017-0065
CVE-2017-0066
CVE-2017-0067
CVE-2017-0068
CVE-2017-0069
CVE-2017-0070
CVE-2017-0071
CVE-2017-0094
CVE-2017-0037
CVE-2017-0131
CVE-2017-0132
CVE-2017-0133
CVE-2017-0134
CVE-2017-0135
CVE-2017-0136
CVE-2017-0137
CVE-2017-0138
CVE-2017-0140
CVE-2017-0141
CVE-2017-0150
CVE-2017-0151
CVE-2017-0009
CVE-2017-0010
CVE-2017-0011
CVE-2017-0012
CVE-2017-0015
CVE-2017-0017
CVE-2017-0023
CVE-2017-0032
CVE-2017-0033
CVE-2017-0034
CVE-2017-0035
CVE-2017-0049
CVE-2017-0059
CVE-2017-0130
CVE-2017-0149
CVE-2017-0154
CVE-2017-0008
CVE-2017-0018
CVE-2017-0040
Эксплуатация
The following public exploits exists for this vulnerability:
https://www.exploit-db.com/exploits/41623
https://www.exploit-db.com/exploits/43125
https://www.exploit-db.com/exploits/41454
https://www.exploit-db.com/exploits/42354
https://www.exploit-db.com/exploits/43125
https://www.exploit-db.com/exploits/41661
Связанные продукты
Список CVE
- CVE-2017-0065 unknown
- CVE-2017-0066 unknown
- CVE-2017-0067 unknown
- CVE-2017-0068 unknown
- CVE-2017-0069 unknown
- CVE-2017-0070 unknown
- CVE-2017-0071 unknown
- CVE-2017-0094 unknown
- CVE-2017-0037 unknown
- CVE-2017-0131 unknown
- CVE-2017-0132 unknown
- CVE-2017-0133 unknown
- CVE-2017-0134 unknown
- CVE-2017-0135 unknown
- CVE-2017-0136 unknown
- CVE-2017-0137 unknown
- CVE-2017-0138 unknown
- CVE-2017-0140 unknown
- CVE-2017-0141 unknown
- CVE-2017-0150 unknown
- CVE-2017-0151 unknown
- CVE-2017-0009 unknown
- CVE-2017-0010 unknown
- CVE-2017-0011 unknown
- CVE-2017-0012 unknown
- CVE-2017-0015 unknown
- CVE-2017-0017 unknown
- CVE-2017-0023 unknown
- CVE-2017-0032 unknown
- CVE-2017-0033 unknown
- CVE-2017-0034 unknown
- CVE-2017-0035 unknown
- CVE-2017-0049 unknown
- CVE-2017-0059 unknown
- CVE-2017-0130 unknown
- CVE-2017-0149 unknown
- CVE-2017-0154 unknown
- CVE-2017-0008 unknown
- CVE-2017-0018 unknown
- CVE-2017-0040 unknown
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!