KLA11771
Multiple vulnerabilities in Microsoft Internet Explorer and Edge
Обновлено: 18/06/2020
Дата обнаружения
12/05/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in MSHTML Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  2. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  3. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  4. An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to gain privileges.
  5. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
  6. A remote code execution vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to execute arbitrary code.
  7. A spoofing vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to spoof user interface.
  8. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Пораженные продукты

Internet Explorer 11
ChakraCore
Microsoft Edge (EdgeHTML-based)
Internet Explorer 9

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2020-1064
CVE-2020-1065
CVE-2020-1062
CVE-2020-1056
CVE-2020-1060
CVE-2020-1096
CVE-2020-1059
CVE-2020-1058
CVE-2020-1093
CVE-2020-1092
CVE-2020-1035
CVE-2020-1037
Оказываемое влияние
?
ACE 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
CVE-2020-10640.0Unknown
CVE-2020-10650.0Unknown
CVE-2020-10620.0Unknown
CVE-2020-10560.0Unknown
CVE-2020-10600.0Unknown
CVE-2020-10960.0Unknown
CVE-2020-10590.0Unknown
CVE-2020-10580.0Unknown
CVE-2020-10930.0Unknown
CVE-2020-10920.0Unknown
CVE-2020-10350.0Unknown
CVE-2020-10370.0Unknown
KB list

4556799
4556846
4556798
4556840
4556826
4556813
4556812
4551853
4556836
4556807

Microsoft official advisories
Microsoft Security Update Guide