Multiple vulnerabilities in Microsoft Edge

Описание

Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information and bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An incorrect handling of objects in memory done by JScript and VBScript while rendering can be exploited remotely via a specially designed website or Microsoft Office document that hosts the IE engine to execute arbitrary code and gain privileges;
2. An improper handling of objects in memory done by affected components can be exploited remotely via specially designed content to obtain sensitive information;
3. An inaccurate parsing of HTTP responses can be exploited remotely via a specially designed website to spoof content or trigger another attack in web services;
4. A type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll can be exploited remotely via vectors involving a specially designed CSS token sequence and specially designed JavaScript code working with a TH element to execute arbitrary code and possibly to cause a denial of service;
5. An improper handling of objects in memory done by Microsoft Windows PDF can be exploited remotely via a specially designed website with malicious PDF content to execute arbitrary code;
6. A failure in applying Same Origin Policy for HTML elements present in the other browser windows can be exploited remotely via a specially designed webpage or website to bypass security restrictions;
7. An improper access to the objects in memorry can be exploited remotely via a specially designed website to execute arbitrary code.

Первичный источник обнаружения

• MS17-007
  CVE-2017-0065
  CVE-2017-0066
  CVE-2017-0067
  CVE-2017-0068
  CVE-2017-0069
  CVE-2017-0070
  CVE-2017-0071
  CVE-2017-0094
  CVE-2017-0037
  CVE-2017-0131
  CVE-2017-0132
  CVE-2017-0133
  CVE-2017-0134
  CVE-2017-0135
  CVE-2017-0136
  CVE-2017-0137
  CVE-2017-0138
  CVE-2017-0140
  CVE-2017-0141
  CVE-2017-0150
  CVE-2017-0151
  CVE-2017-0009
  CVE-2017-0010
  CVE-2017-0011
  CVE-2017-0012
  CVE-2017-0015
  CVE-2017-0017
  CVE-2017-0023
  CVE-2017-0032
  CVE-2017-0033
  CVE-2017-0034
  CVE-2017-0035
  

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• Microsoft-Edge

Список CVE

• CVE-2017-0065
  warning
• CVE-2017-0066
  warning
• CVE-2017-0067
  critical
• CVE-2017-0068
  warning
• CVE-2017-0069
  warning
• CVE-2017-0070
  critical
• CVE-2017-0071
  critical
• CVE-2017-0094
  critical
• CVE-2017-0037
  critical
• CVE-2017-0131
  critical
• CVE-2017-0132
  critical
• CVE-2017-0133
  critical
• CVE-2017-0134
  critical
• CVE-2017-0135
  warning
• CVE-2017-0136
  critical
• CVE-2017-0137
  critical
• CVE-2017-0138
  critical
• CVE-2017-0140
  warning
• CVE-2017-0141
  critical
• CVE-2017-0150
  critical
• CVE-2017-0151
  critical
• CVE-2017-0009
  warning
• CVE-2017-0010
  critical
• CVE-2017-0011
  warning
• CVE-2017-0012
  warning
• CVE-2017-0015
  critical
• CVE-2017-0017
  high
• CVE-2017-0023
  critical
• CVE-2017-0032
  critical
• CVE-2017-0033
  warning
• CVE-2017-0034
  critical
• CVE-2017-0035
  critical

Список KB

• 4012606
• 4013198
• 4013429

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com