Описание
Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code and spoof user interface.
Below is a complete list of vulnerabilities:
- An improper handling of redirect requests in Microsoft browsers can be exploited remotely via a specially designed website to bypass security restrictions;
- An improper access to objects in memory in Internet Explorer can be exploited remotely via a specially designed website to execute arbitrary code;
- An incorrect handling of objects in memory in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
- An incorrect applying of Same Origin Policy for HTML elements present in other browser windows in Microsoft Edge can be exploited remotely by convincing a user to load a page or visit a website to bypass security restrictions;
- An improper handling of objects in memory in Chakra JavaScript engine in Microsoft Edge can be exploited remotely via a specially designed website to execute arbitrary code;
- An improper parsing of HTTP content in Microsoft browsers can be exploited remotely by convincing the user to click a specially designed URL to spoof user interface;
- Multiple vulnerabilities related to incorrect handling of objects in memory in JavaScript engine in Microsoft browsers can be exploited remotely via a specially designed website, Microsoft Office document that hosts the browser rendering engine or embedded ActiveX control marked «safe for initialization» in an application to execute arbitrary code;
- Multiple vulnerabilities related to incorrect handling of objects in memory in VBScript engine in Microsoft Internet Explorer can be exploited remotely via a specially designed website, Microsoft office document that hosts the browser rendering engine or embedded ActiveX control marked «safe for initialization» in an application to execute arbitrary code.
Technical details
Vulnerability (7), (8) are related to rendering in JavaScript engines.
Первичный источник обнаружения
- CVE-2017-8618
CVE-2017-8619
CVE-2017-8599
CVE-2017-8598
CVE-2017-8617
CVE-2017-8603
CVE-2017-8592
CVE-2017-8601
CVE-2017-8602
CVE-2017-8607
CVE-2017-8596
CVE-2017-8595
CVE-2017-8604
CVE-2017-8609
CVE-2017-8608
CVE-2017-8605
CVE-2017-8611
CVE-2017-8606
CVE-2017-8594
CVE-2017-8610
CVE-2017-8592
CVE-2017-8594
CVE-2017-8595
CVE-2017-8596
CVE-2017-8598
CVE-2017-8599
CVE-2017-8601
CVE-2017-8602
CVE-2017-8603
CVE-2017-8604
CVE-2017-8605
CVE-2017-8606
CVE-2017-8607
CVE-2017-8608
CVE-2017-8609
CVE-2017-8610
CVE-2017-8611
CVE-2017-8617
CVE-2017-8618
CVE-2017-8619
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Internet-Explorer
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-VBScript-engine
- Microsoft-Windows-10
- Microsoft-Edge
Список CVE
- CVE-2017-8592 warning
- CVE-2017-8594 critical
- CVE-2017-8595 critical
- CVE-2017-8596 critical
- CVE-2017-8598 critical
- CVE-2017-8599 warning
- CVE-2017-8601 critical
- CVE-2017-8602 warning
- CVE-2017-8603 critical
- CVE-2017-8604 critical
- CVE-2017-8605 critical
- CVE-2017-8606 critical
- CVE-2017-8607 critical
- CVE-2017-8608 critical
- CVE-2017-8609 critical
- CVE-2017-8610 critical
- CVE-2017-8611 warning
- CVE-2017-8617 critical
- CVE-2017-8618 critical
- CVE-2017-8619 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!