Multiple vulnerabilities in Microsoft Internet Explorer and Edge

Описание

Multiple vulnerabilities were found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.

Below is a complete list of vulnerabilities:

1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
2. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
3. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.
4. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
5. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
6. An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information.
7. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to obtain sensitive information.
8. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.
9. An elevation of privilege vulnerability in Internet Explorer can be exploited remotely via IMPORTANTTHING to gain privileges.
10. A memory corruption vulnerability in Scripting Engine can be exploited remotely via IMPORTANTTHING to execute arbitrary code.

Первичный источник обнаружения

• CVE-2018-0872
  CVE-2018-0873
  CVE-2018-0874
  CVE-2018-0876
  CVE-2018-0879
  CVE-2018-0889
  CVE-2018-0891
  CVE-2018-0893
  CVE-2018-0927
  CVE-2018-0929
  CVE-2018-0930
  CVE-2018-0931
  CVE-2018-0932
  CVE-2018-0933
  CVE-2018-0934
  CVE-2018-0935
  CVE-2018-0936
  CVE-2018-0937
  CVE-2018-0939
  CVE-2018-0942
  CVE-2018-0925
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Edge
• ChakraCore

Список CVE

• CVE-2018-0872
  critical
• CVE-2018-0873
  critical
• CVE-2018-0874
  critical
• CVE-2018-0876
  critical
• CVE-2018-0879
  critical
• CVE-2018-0889
  critical
• CVE-2018-0891
  warning
• CVE-2018-0893
  critical
• CVE-2018-0927
  warning
• CVE-2018-0929
  warning
• CVE-2018-0930
  critical
• CVE-2018-0931
  critical
• CVE-2018-0932
  warning
• CVE-2018-0933
  critical
• CVE-2018-0934
  critical
• CVE-2018-0935
  critical
• CVE-2018-0936
  critical
• CVE-2018-0937
  critical
• CVE-2018-0939
  warning
• CVE-2018-0942
  warning
• CVE-2018-0925
  critical

Список KB

• 4088782
• 4088787
• 4088786
• 4088779
• 4089187
• 4088877
• 4088875
• 4088776
• 4088876
• 4096040

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com