KLA11290
Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Обновлено: 06/06/2022
Дата обнаружения
10/07/2018
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges.

Below is a complete list of vulnerabilities:

  1. A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions.
  2. A spoofing vulnerability in Microsoft Edge can be exploited remotely to spoof user interface.
  3. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  4. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely to execute arbitrary code.
  5. A memory corruption vulnerability in Microsoft Edge can be exploited remotely to execute arbitrary code.
  6. A memory corruption vulnerability in Microsoft Edge can be exploited remotely to obtain sensitive information.
  7. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely to obtain sensitive information.
  8. A security feature bypass vulnerability in Scripting Engine can be exploited remotely to bypass security restrictions.
Пораженные продукты

Internet Explorer 10
Internet Explorer 11
Microsoft Edge (EdgeHTML-based)
ChakraCore

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-0949
CVE-2018-8278
CVE-2018-8242
CVE-2018-8286
CVE-2018-8279
CVE-2018-8324
CVE-2018-8294
CVE-2018-8296
CVE-2018-8297
CVE-2018-8262
CVE-2018-8125
CVE-2018-8276
CVE-2018-8280
CVE-2018-8290
CVE-2018-8274
CVE-2018-8325
CVE-2018-8301
CVE-2018-8289
CVE-2018-8288
CVE-2018-8291
CVE-2018-8275
CVE-2018-8287
CVE-2018-8298
CVE-2018-8283
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

SB 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
CVE-2018-09494.3Warning
CVE-2018-82785.8High
CVE-2018-82427.6Critical
CVE-2018-83244.3Warning
CVE-2018-82967.6Critical
CVE-2018-82974.3Warning
CVE-2018-82627.6Critical
CVE-2018-81257.6Critical
CVE-2018-82747.6Critical
CVE-2018-83254.3Warning
CVE-2018-83017.6Critical
CVE-2018-82894.3Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

4338830
4338815
4338825
4338814
4338818
4338829
4338819
4338826
4345421
4345419
4338816
4345455
4338831
4345459
4345420
4345424
4338821
4345425
4345418
4339093

Эксплуатация

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/45214

https://www.exploit-db.com/exploits/45213

https://www.exploit-db.com/exploits/45215

https://www.exploit-db.com/exploits/45217

Узнай статистику распространения уязвимостей в твоем регионе