KLA11667
Multiple vulnerabilities in Microsoft Browser
Обновлено: 18/06/2020
Дата обнаружения
11/02/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to gain privileges.
  2. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  3. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
  4. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Пораженные продукты

Internet Explorer 10
ChakraCore
Microsoft Edge (EdgeHTML-based)
Internet Explorer 9
Internet Explorer 11

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2020-0663
CVE-2020-0767
CVE-2020-0706
CVE-2020-0713
CVE-2020-0712
CVE-2020-0711
CVE-2020-0710
CVE-2020-0674
CVE-2020-0673
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

PE 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
CVE-2020-06630.0Unknown
CVE-2020-07670.0Unknown
CVE-2020-07060.0Unknown
CVE-2020-07130.0Unknown
CVE-2020-07120.0Unknown
CVE-2020-07110.0Unknown
CVE-2020-07100.0Unknown
CVE-2020-06740.0Unknown
CVE-2020-06730.0Unknown
KB list

4537820
4537821
4537776
4532693
4532691
4537762
4537764
4537789
4537814
4537767

Microsoft official advisories
Microsoft Security Update Guide