Multiple vulnerabilities in Microsoft Internet Explorer & Edge

Описание

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
2. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
3. A security feature bypass vulnerability in Internet Explorer can be exploited remotely via specially crafted to bypass security restrictions.
4. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information.
5. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
6. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to bypass security restrictions.
7. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
8. An information disclosure vulnerability in Microsoft Edge can be exploited remotely to obtain sensitive information.
9. A memory corruption vulnerability in ChakraCore can be exploited remotely to execute arbitrary code.

---

Technical details

Vulnerability (4) allows to bypass Mark of the Web Tagging (MOTW).

Первичный источник обнаружения

• CVE-2018-8227
  CVE-2018-8229
  CVE-2018-8236
  CVE-2018-8113
  CVE-2018-8234
  CVE-2018-8249
  CVE-2018-8110
  CVE-2018-8235
  CVE-2018-8267
  CVE-2018-0871
  CVE-2018-8111
  CVE-2018-0978
  CVE-2018-8243
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Edge
• ChakraCore

Список CVE

• CVE-2018-8227
  critical
• CVE-2018-8229
  critical
• CVE-2018-8243
  critical
• CVE-2018-8236
  critical
• CVE-2018-8113
  warning
• CVE-2018-8234
  warning
• CVE-2018-8249
  critical
• CVE-2018-8110
  critical
• CVE-2018-8235
  warning
• CVE-2018-8267
  critical
• CVE-2018-0871
  warning
• CVE-2018-8111
  critical
• CVE-2018-0978
  critical

Список KB

• 4284860
• 4284874
• 4284826
• 4284835
• 4284880
• 4284819
• 4230450
• 4284855
• 4284815
• 4532693
• 4532691

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com