Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11140
HistoryNov 14, 2017 - 12:00 a.m.

KLA11140 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

2017-11-1400:00:00
Kaspersky Lab
threats.kaspersky.com
55

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.935

Percentile

99.2%

JSON

Multiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and obtain sensitive information.

Original advisories

CVE-2017-11791

CVE-2017-11803

CVE-2017-11827

CVE-2017-11833

CVE-2017-11834

CVE-2017-11836

CVE-2017-11837

CVE-2017-11838

CVE-2017-11839

CVE-2017-11840

CVE-2017-11841

CVE-2017-11843

CVE-2017-11844

CVE-2017-11845

CVE-2017-11846

CVE-2017-11848

CVE-2017-11855

CVE-2017-11856

CVE-2017-11858

CVE-2017-11861

CVE-2017-11862

CVE-2017-11863

CVE-2017-11866

CVE-2017-11869

CVE-2017-11870

CVE-2017-11871

CVE-2017-11872

CVE-2017-11873

CVE-2017-11874

Exploitation

Public exploits exist for this vulnerability.

Related products

Microsoft-Internet-Explorer

Microsoft-Edge

CVE list

CVE-2017-11791 warning

CVE-2017-11803 warning

CVE-2017-11827 critical

CVE-2017-11833 warning

CVE-2017-11834 warning

CVE-2017-11836 critical

CVE-2017-11837 critical

CVE-2017-11838 critical

CVE-2017-11839 critical

CVE-2017-11840 critical

CVE-2017-11841 critical

CVE-2017-11843 critical

CVE-2017-11844 warning

CVE-2017-11845 critical

CVE-2017-11846 critical

CVE-2017-11848 warning

CVE-2017-11855 critical

CVE-2017-11856 critical

CVE-2017-11858 critical

CVE-2017-11861 critical

CVE-2017-11862 critical

CVE-2017-11863 warning

CVE-2017-11866 critical

CVE-2017-11869 critical

CVE-2017-11870 critical

CVE-2017-11871 critical

CVE-2017-11872 warning

CVE-2017-11873 critical

CVE-2017-11874 warning

KB list

4042895

4048955

4048952

4048953

4048954

4048956

4048957

4048958

4048959

4047206

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Microsoft EdgeInternet Explorer 9Internet Explorer 10Internet Explorer 11

References

Related

openvas 9
prion 29
cvelist 29
cve 29
nvd 29
osv 3
github 3
nessus 9
mskb 9
veracode 2
talosblog 1
trendmicroblog 1
qualysblog 1
threatpost 1
thn 1
kaspersky 1
mscve 14
checkpoint_advisories 5
symantec 14
zdt 3
zdi 1
krebs 1
packetstorm 1
seebug 1
exploitdb 2
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4048955)
2017-11-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (KB4047206)
2017-11-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4048954)
2017-11-15 00:00:00
prion
prion
Memory corruption
2017-11-15 03:29:00
Memory corruption
2017-11-15 03:29:00
Memory corruption
2017-11-15 03:29:00
cvelist
cvelist
CVE-2017-11858
2017-11-15 03:00:00
CVE-2017-11871
2017-11-15 03:00:00
CVE-2017-11838
2017-11-15 03:00:00
cve
cve
CVE-2017-11870
2017-11-15 03:29:01
CVE-2017-11866
2017-11-15 03:29:01
CVE-2017-11871
2017-11-15 03:29:01
nvd
nvd
CVE-2017-11841
2017-11-15 03:29:00
CVE-2017-11870
2017-11-15 03:29:01
CVE-2017-11871
2017-11-15 03:29:01
osv
osv
Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects
2022-05-17 00:19:55
Chakra Core vulnerable to privilege escalation due to reading an invalid pointer
2022-05-17 00:19:54
Chakra Core vulnerable to privilege escalation due to type confusion
2022-05-17 00:19:55
github
github
Chakra Core vulnerable to privilege escalation due to type confusion
2022-05-17 00:19:55
Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects
2022-05-17 00:19:55
Chakra Core vulnerable to privilege escalation due to reading an invalid pointer
2022-05-17 00:19:54
nessus
nessus
Security Updates for Internet Explorer (November 2017)
2017-11-30 00:00:00
KB4048955: Windows 10 Version 1709 and Windows Server Version 1709 November 2017 Cumulative Update
2017-11-14 00:00:00
KB4048954: Windows 10 Version 1703 November 2017 Cumulative Update
2017-11-14 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: November 14, 2017
2017-11-14 08:00:00
November 14, 2017—KB4048954 (OS Build 15063.726 and 15063.728)
2017-11-14 08:00:00
November 14, 2017—KB4048955 (OS Build 16299.64)
2017-11-14 08:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-12-03 05:21:16
Information Disclosure
2018-12-11 03:35:02
talosblog
talosblog
Microsoft Patch Tuesday - November 2017
2017-11-14 11:54:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of November 13, 2017
2017-11-17 16:46:19
qualysblog
qualysblog
November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update
2017-11-14 19:37:26
threatpost
threatpost
Microsoft November Patch Tuesday Fixes 20 Critical Vulnerabilities
2017-11-14 17:10:48
thn
thn
Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities
2017-11-14 20:46:00
kaspersky
kaspersky
KLA11855 Multiple vulnerabilities in Microsoft Products (ESU)
2017-11-14 00:00:00
mscve
mscve
Microsoft Edge Security Feature Bypass Vulnerability
2017-11-14 08:00:00
Microsoft Edge Security Feature Bypass Vulnerability
2017-11-14 08:00:00
Microsoft Edge Memory Corruption Vulnerability
2017-11-14 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Memory Corruption (CVE-2017-11845)
2017-11-14 00:00:00
Microsoft Internet Explorer Memory Corruption (CVE-2017-11856)
2017-11-14 00:00:00
Microsoft Browser Scripting Engine Information Disclosure (CVE-2017-11791)
2017-11-14 00:00:00
symantec
symantec
Microsoft Edge CVE-2017-11874 Security Bypass Vulnerability
2017-11-14 00:00:00
Microsoft Edge CVE-2017-11845 Remote Memory Corruption Vulnerability
2017-11-14 00:00:00
Microsoft Edge CVE-2017-11844 Information Disclosure Vulnerability
2017-11-14 00:00:00
zdt
zdt
Microsoft Edge Chakra CFG Bypass Due To Bug In ServerFreeAllocation Vulnerability
2017-12-06 00:00:00
Microsoft Windows jscript!JsArraySlice Uninitialized Variable Exploit
2017-12-19 00:00:00
Microsoft Edge Chakra JIT BailOutOnTaggedValue Bailouts Exploit
2017-11-26 00:00:00
zdi
zdi
Microsoft Windows JavaScript Array Use-After-Free Remote Code Execution Vulnerability
2017-11-20 00:00:00
krebs
krebs
Adobe, Microsoft Patch Critical Cracks
2017-11-14 23:12:32
packetstorm
packetstorm
WIndows jscript!JsArraySlice Uninitialized Variable
2017-12-18 00:00:00
seebug
seebug
Windows: Uninitialized variable in jscript!JsArraySlice(CVE-2017-11855)
2017-12-20 00:00:00
exploitdb
exploitdb
Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable
2017-12-19 00:00:00
Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion
2017-11-16 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.935

Percentile

99.2%

JSON
Related for KLA11140
openvas9prion29cvelist29cve29nvd29osv3github3nessus9mskb9veracode2talosblog1trendmicroblog1qualysblog1threatpost1thn1kaspersky1mscve14checkpoint_advisories5symantec14zdt3zdi1krebs1packetstorm1seebug1exploitdb2