KLA10967
Multiple vulnerabilities in Microsoft Browser

Обновлено: 22/07/2020

Дата обнаружения	14/03/2017
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to bypass security restrictions. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information. A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to execute arbitrary code. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code. A remote code execution vulnerability in Windows PDF can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information. An elevation of privilege vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information.
Пораженные продукты	Internet Explorer 9 Internet Explorer 11 Internet Explorer 10 Microsoft Edge (EdgeHTML-based)
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2017-0065 CVE-2017-0066 CVE-2017-0067 CVE-2017-0068 CVE-2017-0069 CVE-2017-0070 CVE-2017-0071 CVE-2017-0094 CVE-2017-0037 CVE-2017-0131 CVE-2017-0132 CVE-2017-0133 CVE-2017-0134 CVE-2017-0135 CVE-2017-0136 CVE-2017-0137 CVE-2017-0138 CVE-2017-0140 CVE-2017-0141 CVE-2017-0150 CVE-2017-0151 CVE-2017-0009 CVE-2017-0010 CVE-2017-0011 CVE-2017-0012 CVE-2017-0015 CVE-2017-0017 CVE-2017-0023 CVE-2017-0032 CVE-2017-0033 CVE-2017-0034 CVE-2017-0035 CVE-2017-0049 CVE-2017-0059 CVE-2017-0130 CVE-2017-0149 CVE-2017-0154 CVE-2017-0008 CVE-2017-0018 CVE-2017-0040
Оказываемое влияние ?	ACE [?] OSI [?] SB [?] SUI [?]
Связанные продукты	Microsoft Internet Explorer Microsoft Edge
CVE-IDS	CVE-2017-00650.0Unknown CVE-2017-00660.0Unknown CVE-2017-00670.0Unknown CVE-2017-00680.0Unknown CVE-2017-00690.0Unknown CVE-2017-00700.0Unknown CVE-2017-00710.0Unknown CVE-2017-00940.0Unknown CVE-2017-00370.0Unknown CVE-2017-01310.0Unknown CVE-2017-01320.0Unknown CVE-2017-01330.0Unknown CVE-2017-01340.0Unknown CVE-2017-01350.0Unknown CVE-2017-01360.0Unknown CVE-2017-01370.0Unknown CVE-2017-01380.0Unknown CVE-2017-01400.0Unknown CVE-2017-01410.0Unknown CVE-2017-01500.0Unknown CVE-2017-01510.0Unknown CVE-2017-00090.0Unknown CVE-2017-00100.0Unknown CVE-2017-00110.0Unknown CVE-2017-00120.0Unknown CVE-2017-00150.0Unknown CVE-2017-00170.0Unknown CVE-2017-00230.0Unknown CVE-2017-00320.0Unknown CVE-2017-00330.0Unknown CVE-2017-00340.0Unknown CVE-2017-00350.0Unknown CVE-2017-00490.0Unknown CVE-2017-00590.0Unknown CVE-2017-01300.0Unknown CVE-2017-01490.0Unknown CVE-2017-01540.0Unknown CVE-2017-00080.0Unknown CVE-2017-00180.0Unknown CVE-2017-00400.0Unknown
Microsoft official advisories	Microsoft Security Update Guide
KB list	4025342 4012204 4012217 4012215 4012216 4012606 4013198 4013429 4025339 4025344 4025338
Эксплуатация	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/41623 https://www.exploit-db.com/exploits/43125 https://www.exploit-db.com/exploits/41454 https://www.exploit-db.com/exploits/42354 https://www.exploit-db.com/exploits/43125 https://www.exploit-db.com/exploits/41661
	Узнай статистику распространения уязвимостей в твоем регионе