KLA11954
Multiple vulnerabilities in Microsoft Browsers

Обновлено: 21/09/2020
Дата обнаружения
08/09/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  2. A memory corruption vulnerability in Internet Explorer Browser Helper Object (BHO) can be exploited remotely via specially crafted website to execute arbitrary code.
  3. An elevation of privilege vulnerability in WinINet API can be exploited remotely via specially crafted website to gain privileges.
  4. An elevation of privilege vulnerability in Windows Start-Up Application can be exploited remotely via specially crafted website to gain privileges.
  5. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
Пораженные продукты

ChakraCore
Microsoft Edge (Chromium-based)
Internet Explorer 11
Microsoft Edge (EdgeHTML-based)
Internet Explorer 9

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2020-1057
CVE-2020-1172
CVE-2020-16884
CVE-2020-1180
CVE-2020-1012
CVE-2020-1506
CVE-2020-0878
Оказываемое влияние
?
ACE 
[?]

PE 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
ChakraCore
CVE-IDS
KB list

4571756
4577041
4570333
4577032
4577049
4577015
4577051
4577066
4574727
4577038
4577010

Microsoft official advisories
Microsoft Security Update Guide
Узнай статистику распространения уязвимостей в твоем регионе