KLA11247
Multiple vulnerabilities in Microsoft Browsers

Обновлено: 22/07/2020

Дата обнаружения	08/05/2018
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to bypass security restrictions. An information disclosure vulnerability in Scripting Engine can be exploited remotely to obtain sensitive information. A security feature bypass vulnerability in Internet Explorer can be exploited remotely via specially crafted application to bypass security restrictions. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
Пораженные продукты	Internet Explorer 11 Microsoft Edge (EdgeHTML-based) Internet Explorer 9 Internet Explorer 10 ChakraCore
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2018-0943 CVE-2018-0945 CVE-2018-0946 CVE-2018-0951 CVE-2018-0953 CVE-2018-0954 CVE-2018-1021 CVE-2018-8123 CVE-2018-1022 CVE-2018-8130 CVE-2018-8178 CVE-2018-8128 CVE-2018-8133 CVE-2018-8114 CVE-2018-0955 CVE-2018-8139 CVE-2018-1025 CVE-2018-8112 CVE-2018-8145 CVE-2018-8126 CVE-2018-8137 CVE-2018-8122 CVE-2018-8179 CVE-2018-8177
Оказываемое влияние ?	ACE [?] OSI [?] SB [?]
Связанные продукты	Microsoft Internet Explorer Microsoft Edge ChakraCore
CVE-IDS	CVE-2018-09437.6Critical CVE-2018-09457.6Critical CVE-2018-09467.6Critical CVE-2018-09517.6Critical CVE-2018-09537.6Critical CVE-2018-09547.6Critical CVE-2018-10214.3Warning CVE-2018-81234.3Warning CVE-2018-10227.6Critical CVE-2018-81307.6Critical CVE-2018-81787.6Critical CVE-2018-81287.6Critical CVE-2018-81337.6Critical CVE-2018-81147.6Critical CVE-2018-09557.6Critical CVE-2018-81397.6Critical CVE-2018-10254.3Warning CVE-2018-81124.3Warning CVE-2018-81457.6Critical CVE-2018-81266.8High CVE-2018-81377.6Critical CVE-2018-81227.6Critical CVE-2018-81797.6Critical CVE-2018-81777.6Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	4103723 4103716 4103731 4103721 4103730 4103718 4103727 4103725 4103768
Эксплуатация	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/44758 https://www.exploit-db.com/exploits/44694 https://www.exploit-db.com/exploits/44817 https://www.exploit-db.com/exploits/45012 https://www.exploit-db.com/exploits/45011
	Узнай статистику распространения уязвимостей в твоем регионе