Kaspersky LabKLA11771KLA11771 Multiple vulnerabilities in Microsoft Internet Explorer and Edge
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
0.081 Low
EPSS
Percentile
94.4%
Multiple vulnerabilities were found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in MSHTML Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to gain privileges.
- A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Edge PDF can be exploited remotely via specially crafted to execute arbitrary code.
- A spoofing vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to spoof user interface.
- A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2020-1064 critical
CVE-2020-1065 critical
CVE-2020-1062 critical
CVE-2020-1056 high
CVE-2020-1060 critical
CVE-2020-1096 critical
CVE-2020-1059 warning
CVE-2020-1058 critical
CVE-2020-1093 critical
CVE-2020-1092 critical
CVE-2020-1035 critical
CVE-2020-1037 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Internet Explorer 11ChakraCoreMicrosoft Edge (EdgeHTML-based)Internet Explorer 9
References
support.microsoft.com/kb/4551853
support.microsoft.com/kb/4556798
support.microsoft.com/kb/4556799
support.microsoft.com/kb/4556807
support.microsoft.com/kb/4556812
support.microsoft.com/kb/4556813
support.microsoft.com/kb/4556826
support.microsoft.com/kb/4556836
support.microsoft.com/kb/4556840
support.microsoft.com/kb/4556846
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1035
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1037
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1056
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1058
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1059
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1060
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1062
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1064
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1065
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1092
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1093
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1096
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/ChakraCore/
threats.kaspersky.com/en/product/Microsoft-Edge/
threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/
Related
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
0.081 Low
EPSS
Percentile
94.4%