Kaspersky LabKLA11514KLA11514 Multiple vulnerabilities in Microsoft Browsers
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.3%
Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code.
Below is a complete list of vulnerabilities:
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2019-1001 critical
CVE-2019-1107 critical
CVE-2019-1106 critical
CVE-2019-1062 critical
CVE-2019-1092 critical
CVE-2019-1103 critical
CVE-2019-1063 critical
CVE-2019-1104 critical
CVE-2019-1059 critical
CVE-2019-1004 critical
CVE-2019-1056 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Affected Products
- ChakraCoreMicrosoft EdgeInternet Explorer 11Internet Explorer 10Internet Explorer 9
References
support.microsoft.com/kb/4507434
support.microsoft.com/kb/4507435
support.microsoft.com/kb/4507448
support.microsoft.com/kb/4507449
support.microsoft.com/kb/4507450
support.microsoft.com/kb/4507453
support.microsoft.com/kb/4507455
support.microsoft.com/kb/4507458
support.microsoft.com/kb/4507460
support.microsoft.com/kb/4507462
support.microsoft.com/kb/4507469
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1001
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1004
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1056
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1059
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1062
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1063
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1092
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1103
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1104
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1106
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1107
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/ChakraCore/
threats.kaspersky.com/en/product/Microsoft-Edge/
threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/
Related
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.3%