KLA11222
Multiple vulnerabilities in Microsoft Browsers
Обновлено: 22/07/2020
Дата обнаружения
10/04/2018
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.
  2. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  3. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  4. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
  5. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.
  6. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  7. An information disclosure vulnerability in Microsoft Edge can be exploited remotely via specially crafted to obtain sensitive information.
  8. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
  9. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.
Пораженные продукты

Microsoft Edge (EdgeHTML-based)
Internet Explorer 9
Internet Explorer 10
ChakraCore
Internet Explorer 11

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-0981
CVE-2018-0994
CVE-2018-0997
CVE-2018-0990
CVE-2018-1023
CVE-2018-1000
CVE-2018-0892
CVE-2018-1001
CVE-2018-1019
CVE-2018-1018
CVE-2018-0998
CVE-2018-1020
CVE-2018-0988
CVE-2018-0979
CVE-2018-0980
CVE-2018-0987
CVE-2018-0995
CVE-2018-0989
CVE-2018-0870
CVE-2018-0991
CVE-2018-0993
CVE-2018-0996
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
CVE-2018-09810.0Unknown
CVE-2018-09940.0Unknown
CVE-2018-09970.0Unknown
CVE-2018-09900.0Unknown
CVE-2018-10230.0Unknown
CVE-2018-10000.0Unknown
CVE-2018-08920.0Unknown
CVE-2018-10010.0Unknown
CVE-2018-10190.0Unknown
CVE-2018-10180.0Unknown
CVE-2018-09980.0Unknown
CVE-2018-10200.0Unknown
CVE-2018-09880.0Unknown
CVE-2018-09790.0Unknown
CVE-2018-09800.0Unknown
CVE-2018-09870.0Unknown
CVE-2018-09950.0Unknown
CVE-2018-09890.0Unknown
CVE-2018-08700.0Unknown
CVE-2018-09910.0Unknown
CVE-2018-09930.0Unknown
CVE-2018-09960.0Unknown
Microsoft official advisories
Microsoft Security Update Guide
KB list

4093112
4093114
4093111
4093107
4093109
4093119
4093118
4093123
4092946

Эксплуатация

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/44653