CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.9%
Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions and spoof user interface.
Below is a complete list of vulnerabilities:
NB: Not every vulnerability already has CVSS rating, so cumulative CVSS rating can be not representative.
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
CVE-2017-8756 critical
CVE-2017-8747 critical
CVE-2017-8734 critical
CVE-2017-8729 critical
CVE-2017-8728 critical
CVE-2017-8757 critical
CVE-2017-8749 critical
CVE-2017-8738 critical
CVE-2017-11766 critical
CVE-2017-8750 critical
CVE-2017-8731 critical
CVE-2017-8753 critical
CVE-2017-8723 warning
CVE-2017-8724 warning
CVE-2017-8741 critical
CVE-2017-8754 warning
CVE-2017-8740 critical
CVE-2017-8752 critical
CVE-2017-8597 warning
CVE-2017-8660 critical
CVE-2017-8736 warning
CVE-2017-11764 critical
CVE-2017-8643 warning
CVE-2017-8751 critical
CVE-2017-8649 critical
CVE-2017-8748 critical
CVE-2017-8755 critical
CVE-2017-8737 critical
CVE-2017-8648 warning
CVE-2017-8739 warning
CVE-2017-8735 warning
CVE-2017-8733 warning
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/4036586
support.microsoft.com/kb/4038777
support.microsoft.com/kb/4038781
support.microsoft.com/kb/4038782
support.microsoft.com/kb/4038783
support.microsoft.com/kb/4038788
support.microsoft.com/kb/4038792
support.microsoft.com/kb/4038799
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11764
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11766
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8597
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8643
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8648
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8649
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8723
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8728
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8729
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8733
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8734
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8735
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8736
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8737
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8738
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8739
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8740
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8741
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8747
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8748
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8749
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8750
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8751
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8752
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8753
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8754
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8755
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8756
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Edge/
threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.9%