KLA11331
Multiple vulnerabilities in Microsoft Browsers

Обновлено: 22/07/2020
Дата обнаружения
09/10/2018
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  2. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
  3. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to bypass security restrictions.
  4. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  5. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
Пораженные продукты

ChakraCore
Internet Explorer 11
Microsoft Edge (EdgeHTML-based)

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-8510
CVE-2018-8503
CVE-2018-8473
CVE-2018-8511
CVE-2018-8505
CVE-2018-8513
CVE-2018-8512
CVE-2018-8491
CVE-2018-8460
CVE-2018-8530
CVE-2018-8509
CVE-2018-8500
Оказываемое влияние
?
ACE 
[?]

SB 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
CVE-2018-85107.6Critical
CVE-2018-85037.6Critical
CVE-2018-84737.6Critical
CVE-2018-85117.6Critical
CVE-2018-85057.6Critical
CVE-2018-85137.6Critical
CVE-2018-85125.8High
CVE-2018-84917.6Critical
CVE-2018-84607.6Critical
CVE-2018-85304.3Warning
CVE-2018-85097.6Critical
KB list

4462917
4462918
4462923
4462919
4464330
4462937
4462922
4462926
4462949