Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11002
HistoryMay 09, 2017 - 12:00 a.m.

KLA11002 Multiple vulnerabilities in Microsoft Browser

2017-05-0900:00:00
Kaspersky Lab
threats.kaspersky.com
71

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

0.246 Low

EPSS

Percentile

96.7%

JSON

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  2. An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely to gain privileges.
  3. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
  4. A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface.
  5. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to execute arbitrary code.
  6. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  7. A security feature bypass vulnerability in Internet Explorer can be exploited remotely via specially crafted to bypass security restrictions.

Original advisories

CVE-2017-0266

CVE-2017-0241

CVE-2017-0240

CVE-2017-0238

CVE-2017-0236

CVE-2017-0235

CVE-2017-0234

CVE-2017-0233

CVE-2017-0231

CVE-2017-0230

CVE-2017-0229

CVE-2017-0228

CVE-2017-0227

CVE-2017-0226

CVE-2017-0224

CVE-2017-0222

CVE-2017-0221

CVE-2017-0064

Related products

Microsoft-Internet-Explorer

Microsoft-Edge

CVE list

CVE-2017-0266 critical

CVE-2017-0241 high

CVE-2017-0240 critical

CVE-2017-0238 critical

CVE-2017-0236 critical

CVE-2017-0235 critical

CVE-2017-0234 critical

CVE-2017-0233 high

CVE-2017-0231 warning

CVE-2017-0230 critical

CVE-2017-0229 critical

CVE-2017-0228 critical

CVE-2017-0227 critical

CVE-2017-0226 critical

CVE-2017-0224 critical

CVE-2017-0222 critical

CVE-2017-0221 critical

CVE-2017-0064 warning

KB list

4016871

4019474

4018271

4019215

4019264

4019216

4034668

4034733

4034674

4034681

4034658

4034660

4019473

4019472

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Internet Explorer 9Internet Explorer 11Internet Explorer 10Microsoft Edge (EdgeHTML-based)

References

Related

veracode 8
osv 5
prion 18
cvelist 18
nvd 18
cve 18
github 4
openvas 9
mskb 14
nessus 12
attackerkb 3
trendmicroblog 2
zdi 10
mscve 18
seebug 2
myhack58 1
checkpoint_advisories 9
symantec 18
cisa_kev 1
qualysblog 2
cisa 1
thn 2
rapid7community 1
kaspersky 1
veracode
veracode
Remote Code Execution (RCE)
2018-12-04 14:26:09
Remote Code Execution (RCE)
2018-12-04 14:38:22
Remote Code Execution (RCE)
2018-12-04 14:23:22
osv
osv
ChakraCore RCE Vulnerability
2022-05-17 02:35:00
ChakraCore RCE Vulnerability
2022-05-17 02:44:22
ChakraCore RCE Vulnerability
2022-05-17 02:34:59
prion
prion
Remote code execution
2017-05-12 14:29:00
Remote code execution
2017-05-12 14:29:00
Remote code execution
2017-05-12 14:29:00
cvelist
cvelist
CVE-2017-0236
2017-05-12 14:00:00
CVE-2017-0230
2017-05-12 14:00:00
CVE-2017-0235
2017-05-12 14:00:00
nvd
nvd
CVE-2017-0229
2017-05-12 14:29:02
CVE-2017-0236
2017-05-12 14:29:02
CVE-2017-0235
2017-05-12 14:29:02
cve
cve
CVE-2017-0228
2017-05-12 14:29:02
CVE-2017-0229
2017-05-12 14:29:02
CVE-2017-0224
2017-05-12 14:29:02
github
github
ChakraCore RCE Vulnerability
2022-05-17 02:44:22
ChakraCore RCE Vulnerability
2022-05-17 02:44:21
ChakraCore RCE Vulnerability
2022-05-17 02:34:59
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (KB4018271)
2017-05-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4016871)
2017-05-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4019472)
2017-05-10 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: May 9, 2017
2017-05-09 07:00:00
May 9, 2017—KB4016871 (OS Build 15063.296 and 15063.297)
2017-05-19 07:00:00
May 9, 2017—KB4019472 (OS Build 14393.1198)
2017-05-09 07:00:00
nessus
nessus
Security Updates for Internet Explorer (May 2017)
2017-11-30 00:00:00
KB4016871: Windows 10 Version 1703 May 2017 Cumulative Update
2017-05-09 00:00:00
KB4019472: Windows 10 Version 1607 and Windows Server 2016 May 2017 Cumulative Update
2017-05-09 00:00:00
attackerkb
attackerkb
CVE-2017-0226
2017-05-12 00:00:00
CVE-2017-0222
2017-05-12 00:00:00
CVE-2021-34448
2021-07-16 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 8, 2017
2017-05-12 16:47:57
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 2, 2017
2017-10-06 14:55:49
zdi
zdi
(Pwn2Own) Microsoft Edge ArrayBuffer Use-After-Free Remote Code Execution Vulnerability
2017-05-10 00:00:00
(Pwn2Own) Microsoft Chakra ArrayBuffer Use-After-Free Remote Code Execution Vulnerability
2017-07-10 00:00:00
(Pwn2Own) Microsoft Edge AudioBuffer Use-After-Free Remote Code Execution Vulnerability
2017-05-10 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2017-05-09 07:00:00
Scripting Engine Memory Corruption Vulnerability
2017-05-09 07:00:00
Microsoft Edge Elevation of Privilege Vulnerability
2017-05-09 07:00:00
seebug
seebug
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
2017-05-11 00:00:00
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0234)
2017-05-11 00:00:00
myhack58
myhack58
Edge no prior knowledge of the exploit-vulnerability warning-the black bar safety net
2019-04-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-0234)
2017-05-09 00:00:00
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-0236)
2017-05-09 00:00:00
Microsoft Internet Explorer Security Feature Bypass (CVE-2017-0064)
2017-05-09 00:00:00
symantec
symantec
Microsoft Edge CVE-2017-0234 Remote Memory Corruption Vulnerability
2017-05-09 00:00:00
Microsoft Edge CVE-2017-0233 Remote Privilege Escalation Vulnerability
2017-05-09 00:00:00
Microsoft Internet Explorer CVE-2017-0064 Security Bypass Vulnerability
2017-05-09 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Remote Code Execution Vulnerability
2022-02-25 00:00:00
qualysblog
qualysblog
Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1
2017-05-09 18:06:52
Microsoft Fixes 94 Security Issues in Massive June Update
2017-06-13 18:28:02
cisa
cisa
CISA Adds Four Known Exploited Vulnerabilities to Catalog
2022-02-25 00:00:00
thn
thn
CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog
2022-03-01 04:37:00
Microsoft Issues Patches for Another Four Zero-Day Vulnerabilities
2017-05-09 23:37:00
rapid7community
rapid7community
Patch Tuesday - August 2017
2017-08-08 20:03:46
kaspersky
kaspersky
KLA11077 Multiple vulnerabilities in Microsoft Products (ESU)
2017-05-09 00:00:00

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

0.246 Low

EPSS

Percentile

96.7%

JSON
Related for KLA11002
veracode8osv5prion18cvelist18nvd18cve18github4openvas9mskb14nessus12attackerkb3trendmicroblog2zdi10mscve18seebug2myhack581checkpoint_advisories9symantec18cisa_kev1qualysblog2cisa1thn2rapid7community1kaspersky1