KLA11681
Multiple vulnerabilities in Microsoft Browser
Обновлено: 22/05/2020
Дата обнаружения
10/03/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  2. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  3. An information disclosure vulnerability in Scripting Engine can be exploited remotely to obtain sensitive information.
  4. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
  5. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  6. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  7. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  8. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
Пораженные продукты

Internet Explorer 11
Internet Explorer 9
Microsoft Edge (EdgeHTML-based)
ChakraCore

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2020-0829
CVE-2020-0811
CVE-2020-0812
CVE-2020-0813
CVE-2020-0816
CVE-2020-0828
CVE-2020-0832
CVE-2020-0833
CVE-2020-0830
CVE-2020-0831
CVE-2020-0825
CVE-2020-0824
CVE-2020-0768
CVE-2020-0826
CVE-2020-0847
CVE-2020-0827
CVE-2020-0848
CVE-2020-0823
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft VBScript engine
Microsoft Edge
CVE-IDS
CVE-2020-08290.0Unknown
CVE-2020-08110.0Unknown
CVE-2020-08120.0Unknown
CVE-2020-08130.0Unknown
CVE-2020-08160.0Unknown
CVE-2020-08280.0Unknown
CVE-2020-08320.0Unknown
CVE-2020-08330.0Unknown
CVE-2020-08300.0Unknown
CVE-2020-08310.0Unknown
CVE-2020-08250.0Unknown
CVE-2020-08240.0Unknown
CVE-2020-07680.0Unknown
CVE-2020-08260.0Unknown
CVE-2020-08470.0Unknown
CVE-2020-08270.0Unknown
CVE-2020-08480.0Unknown
CVE-2020-08230.0Unknown
KB list

4538461
4541510
4540689
4541509
4540681
4540693
4540673
4540670
4540671
4540688

Microsoft official advisories
Microsoft Security Update Guide