KLA10920 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to bypass security restrictions.
2. An information disclosure vulnerability in Microsft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
3. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
4. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
5. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
6. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.

Original advisories

CVE-2016-7281

CVE-2016-7280

CVE-2016-7279

CVE-2016-7278

CVE-2016-7297

CVE-2016-7181

CVE-2016-7206

CVE-2016-7296

CVE-2016-7288

CVE-2016-7287

CVE-2016-7286

CVE-2016-7284

CVE-2016-7283

CVE-2016-7282

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-Windows

Microsoft-Edge

CVE list

CVE-2016-7281 warning

CVE-2016-7280 warning

CVE-2016-7279 critical

CVE-2016-7278 warning

CVE-2016-7297 critical

CVE-2016-7181 critical

CVE-2016-7206 warning

CVE-2016-7296 critical

CVE-2016-7288 critical

CVE-2016-7287 critical

CVE-2016-7286 critical

CVE-2016-7284 warning

CVE-2016-7283 critical

CVE-2016-7282 warning

KB list

3205386

3205383

3205401

3205400

3205408

3205409

3207752

3205394

3206632

4338825

4338819

4338826

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Internet Explorer 9Microsoft Windows Hyperlink Object LibraryInternet Explorer 11Internet Explorer 10Microsoft Edge (EdgeHTML-based)