
KLA10634 Multiple vulnerabilities in Microsoft Internet Explorer

Date: 2015-07-14 00:00:00
Source: Kaspersky Lab (threats.kaspersky.com)

CVSS2: 9.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 10 (Confidence: High)

EPSS: 0.966 (Percentile: 99.7%)

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to read local files, cause denial of service, bypass security restrictions, execute arbitrary code, gain privileges or obtain sensitive information.

Below is a complete list of the vulnerabilities:

  1. An unknown vulnerability can be exploited remotely via a specially crafted website to obtain sensitive information;
  2. An unknown vulnerability in vectors related to JScript, VBScript or other unknown vectors can be exploited remotely via a specially crafted website to execute arbitrary code or cause denial of service;
  3. An unknown vulnerability can be exploited remotely via a specially crafted pathname to read local files;
  4. An unknown vulnerability can be exploited remotely via a specially crafted module-resource request or stylesheet to determine the existence of local files;
  5. An unknown vulnerability in vectors related to image caching can be exploited remotely to obtain sensitive information;
  6. An unknown vulnerability can be exploited remotely via specially crafted HTML to bypass the XSS filter;
  7. An unknown vulnerability can be exploited remotely via a specially crafted website to bypass ASLR;
  8. An unknown vulnerability can be exploited remotely via a specially crafted website to gain privileges.

Original advisories

CVE-2015-2372

CVE-2015-2388

CVE-2015-2389

CVE-2015-2408

CVE-2015-2425

CVE-2015-2403

CVE-2015-2402

CVE-2015-2404

CVE-2015-2406

CVE-2015-1729

CVE-2015-2412

CVE-2015-2384

CVE-2015-2385

CVE-2015-2422

CVE-2015-2390

CVE-2015-2391

CVE-2015-1738

CVE-2015-1733

CVE-2015-1767

CVE-2015-2383

CVE-2015-2410

CVE-2015-2413

CVE-2015-2414

CVE-2015-2411

CVE-2015-2397

CVE-2015-2398

CVE-2015-2419

CVE-2015-2421

CVE-2015-2401

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Internet-Explorer

CVE list

CVE-2015-2372 critical

CVE-2015-2388 critical

CVE-2015-2389 critical

CVE-2015-2408 critical

CVE-2015-2425 critical

CVE-2015-2403 critical

CVE-2015-2402 warning

CVE-2015-2404 critical

CVE-2015-2406 critical

CVE-2015-1729 warning

CVE-2015-2412 warning

CVE-2015-2384 critical

CVE-2015-2385 critical

CVE-2015-2422 critical

CVE-2015-2390 critical

CVE-2015-2391 critical

CVE-2015-1738 critical

CVE-2015-1733 critical

CVE-2015-1767 critical

CVE-2015-2383 critical

CVE-2015-2410 warning

CVE-2015-2413 warning

CVE-2015-2414 warning

CVE-2015-2411 critical

CVE-2015-2397 critical

CVE-2015-2398 warning

CVE-2015-2419 critical

CVE-2015-2421 warning

CVE-2015-2401 critical

KB list

3065822

3072604

3076321

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or the system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • RLF: Read local files. Exploitation of vulnerabilities with this impact can lead to reading files that are otherwise inaccessible. Which files can be read depends on the specific program errors.

Affected Products

  • Microsoft Internet Explorer versions from 8 through 11
