Kaspersky ID:
KLA10968
Дата обнаружения:
14/03/2017
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An incorrect handling of objects in memory done by JScript and VBScript while rendering can be exploited remotely via a specially designed website or Microsoft Office document that hosts the IE engine to execute arbitrary code and gain privileges;
  2. An improper handling of objects in memory done by affected components can be exploited remotely via specially designed content to obtain sensitive information;
  3. An inaccurate parsing of HTTP responses can be exploited remotely via a specially designed website to spoof content or trigger another attack in web services;
  4. A type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll can be exploited remotely via vectors involving a specially designed CSS token sequence and specially designed JavaScript code working with a TH element to execute arbitrary code and possibly to cause a denial of service;
  5. An improper handling of objects in memory done by Microsoft Windows PDF can be exploited remotely via a specially designed website with malicious PDF content to execute arbitrary code;
  6. A failure in applying Same Origin Policy for HTML elements present in the other browser windows can be exploited remotely via a specially designed webpage or website to bypass security restrictions;
  7. An improper access to the objects in memorry can be exploited remotely via a specially designed website to execute arbitrary code.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

Список CVE

  • CVE-2017-0065
    warning
  • CVE-2017-0066
    warning
  • CVE-2017-0067
    critical
  • CVE-2017-0068
    warning
  • CVE-2017-0069
    warning
  • CVE-2017-0070
    critical
  • CVE-2017-0071
    critical
  • CVE-2017-0094
    critical
  • CVE-2017-0037
    critical
  • CVE-2017-0131
    critical
  • CVE-2017-0132
    critical
  • CVE-2017-0133
    critical
  • CVE-2017-0134
    critical
  • CVE-2017-0135
    warning
  • CVE-2017-0136
    critical
  • CVE-2017-0137
    critical
  • CVE-2017-0138
    critical
  • CVE-2017-0140
    warning
  • CVE-2017-0141
    critical
  • CVE-2017-0150
    critical
  • CVE-2017-0151
    critical
  • CVE-2017-0009
    warning
  • CVE-2017-0010
    critical
  • CVE-2017-0011
    warning
  • CVE-2017-0012
    warning
  • CVE-2017-0015
    critical
  • CVE-2017-0017
    warning
  • CVE-2017-0023
    critical
  • CVE-2017-0032
    critical
  • CVE-2017-0033
    warning
  • CVE-2017-0034
    critical
  • CVE-2017-0035
    critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Confirm changes?
Your message has been sent successfully.