Kaspersky ID:
KLA11306
Дата обнаружения:
14/08/2018
Обновлено:
22/01/2024

Описание

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  2. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  3. A memory corruption vulnerability in Scripting Engine can be exploited remotely via IMPORTANTTHING to execute arbitrary code.
  4. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
  5. An elevation of privilege vulnerability in Microsoft Browser can be exploited remotely via IMPORTANTTHING to gain privileges.
  6. A spoofing vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to spoof user interface.
  7. A remote code execution vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  8. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via IMPORTANTTHING to obtain sensitive information.
  9. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
  10. An information disclosure vulnerability in Microsoft Edge can be exploited remotely via IMPORTANTTHING to obtain sensitive information.
  11. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to bypass security restrictions.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2018-8384
    critical
  • CVE-2018-8372
    critical
  • CVE-2018-8385
    critical
  • CVE-2018-8266
    critical
  • CVE-2018-8380
    critical
  • CVE-2018-8359
    critical
  • CVE-2018-8381
    critical
  • CVE-2018-8355
    critical
  • CVE-2018-8390
    critical
  • CVE-2018-8387
    critical
  • CVE-2018-8357
    high
  • CVE-2018-8353
    critical
  • CVE-2018-8383
    warning
  • CVE-2018-8377
    critical
  • CVE-2018-8389
    critical
  • CVE-2018-8316
    critical
  • CVE-2018-8388
    warning
  • CVE-2018-8371
    critical
  • CVE-2018-8351
    warning
  • CVE-2018-8373
    critical
  • CVE-2018-8403
    critical
  • CVE-2018-8370
    warning
  • CVE-2018-8358
    warning

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.