KLA10900 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted application to obtain sensitive information.
2. A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface.
3. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
4. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
5. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
6. An information disclosure vulnerability in Microsoft Browser can be exploited remotely to obtain sensitive information.
7. An information disclosure vulnerability in Microsoft Edge can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2016-7239

CVE-2016-7209

CVE-2016-7227

CVE-2016-7208

CVE-2016-7195

CVE-2016-7196

CVE-2016-7198

CVE-2016-7199

CVE-2016-7200

CVE-2016-7201

CVE-2016-7202

CVE-2016-7203

CVE-2016-7204

CVE-2016-7243

CVE-2016-7242

CVE-2016-7241

CVE-2016-7240

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-Windows

Microsoft-Edge

CVE list

CVE-2016-7239 warning

CVE-2016-7209 high

CVE-2016-7227 warning

CVE-2016-7208 critical

CVE-2016-7195 critical

CVE-2016-7196 critical

CVE-2016-7198 critical

CVE-2016-7199 warning

CVE-2016-7200 critical

CVE-2016-7201 critical

CVE-2016-7202 critical

CVE-2016-7203 critical

CVE-2016-7204 warning

CVE-2016-7243 critical

CVE-2016-7242 critical

CVE-2016-7241 critical

CVE-2016-7240 critical

KB list

3200970

3197867

3197868

3197873

3197874

3197876

3197877

3198585

3198586

3205386

3205383

3205401

3205400

3205408

3205409

3207752

3205394

3206632

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Internet Explorer 9Microsoft Windows Hyperlink Object LibraryInternet Explorer 11Internet Explorer 10Microsoft Edge (EdgeHTML-based)