Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11045
HistoryJun 13, 2017 - 12:00 a.m.

KLA11045 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

2017-06-1300:00:00
Kaspersky Lab
threats.kaspersky.com
224

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.94 High

EPSS

Percentile

99.1%

JSON

Detect date:

06/13/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.

Affected products:

Microsoft Edge
Microsoft Internet Explorer versions 9 through 11

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-8520
CVE-2017-8498
CVE-2017-8499
CVE-2017-8496
CVE-2017-8497
CVE-2017-8523
CVE-2017-8530
CVE-2017-8524
CVE-2017-8522
CVE-2017-8549
CVE-2017-8517
CVE-2017-8521
CVE-2017-8504
CVE-2017-8548
CVE-2017-8519
CVE-2017-8547
CVE-2017-8555
CVE-2017-8529
CVE-2017-8496
CVE-2017-8497
CVE-2017-8498
CVE-2017-8499
CVE-2017-8504
CVE-2017-8517
CVE-2017-8519
CVE-2017-8520
CVE-2017-8521
CVE-2017-8522
CVE-2017-8523
CVE-2017-8524
CVE-2017-8529
CVE-2017-8547
CVE-2017-8548
CVE-2017-8549
CVE-2017-8555

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2017-84967.6Critical
CVE-2017-84977.6Critical
CVE-2017-84984.3Warning
CVE-2017-84997.6Critical
CVE-2017-85044.3Warning
CVE-2017-85177.6Critical
CVE-2017-85197.6Critical
CVE-2017-85207.6Critical
CVE-2017-85217.6Critical
CVE-2017-85227.6Critical
CVE-2017-85234.3Warning
CVE-2017-85247.6Critical
CVE-2017-85294.3Warning
CVE-2017-85305.8High
CVE-2017-85477.6Critical
CVE-2017-85487.6Critical
CVE-2017-85497.6Critical
CVE-2017-85554.3Warning

Microsoft official advisories:

KB list:

4038788
4038782
4038783
4038792
4038799
4038781
4038777
4022719
4022726
4022714
4021558
4022724
4022727
4022715
4022725
4036586

Exploitation:

Public exploits exist for this vulnerability.

References

Related

prion 18
cve 18
cvelist 18
nessus 6
veracode 5
openvas 5
mskb 4
thn 1
mscve 85
threatpost 1
symantec 18
checkpoint_advisories 6
seebug 2
zdt 3
packetstorm 2
zdi 2
osv 1
trendmicroblog 1
talosblog 1
rapid7community 1
qualysblog 1
prion
prion
Memory corruption
2017-06-15 01:29:00
Memory corruption
2017-06-15 01:29:00
Memory corruption
2017-06-15 01:29:00
cve
cve
CVE-2017-8548
2017-06-15 01:29:00
CVE-2017-8520
2017-06-15 01:29:00
CVE-2017-8521
2017-06-15 01:29:00
cvelist
cvelist
CVE-2017-8549
2017-06-15 01:00:00
CVE-2017-8548
2017-06-15 01:00:00
CVE-2017-8521
2017-06-15 01:00:00
nessus
nessus
Security Updates for Internet Explorer (June 2017)
2017-11-30 00:00:00
Windows 10 / Windows Server 2016 September 2017 Information Disclosure Vulnerability (CVE-2017-8529)
2020-05-28 00:00:00
KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 (CVE-2017-8529) (deprecated)
2020-01-17 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-12-11 05:01:58
Remote Code Execution (RCE)
2018-12-11 05:18:20
Remote Code Execution (RCE)
2018-12-11 05:07:45
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (KB4021558)
2017-06-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4022725)
2017-06-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4022715)
2017-06-14 00:00:00
mskb
mskb
Cumulative security update for Internet Explorer: June 13, 2017
2017-06-13 07:00:00
June 13, 2017—KB4022725 (OS Build 15063.413 and 15063.414)
2017-08-04 07:00:00
June 13, 2017—KB4022715 (OS Build 14393.1358)
2017-08-04 07:00:00
thn
thn
Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month
2017-06-13 23:18:00
mscve
mscve
Internet Explorer Memory Corruption Vulnerability
2017-06-13 07:00:00
Microsoft Edge Memory Corruption Vulnerability
2017-06-13 07:00:00
Microsoft Edge Memory Corruption Vulnerability
2017-06-13 07:00:00
threatpost
threatpost
Microsoft Patches Two Critical Vulnerabilities Under Attack
2017-06-13 16:23:28
symantec
symantec
Microsoft Edge CVE-2017-8499 Remote Memory Corruption Vulnerability
2017-06-13 00:00:00
Microsoft Edge CVE-2017-8520 Remote Memory Corruption Vulnerability
2017-06-13 00:00:00
Microsoft Edge CVE-2017-8497 Remote Memory Corruption Vulnerability
2017-06-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8496)
2017-06-13 00:00:00
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8497)
2017-06-13 00:00:00
Microsoft Browser Information Disclosure (CVE-2017-8529)
2017-06-13 00:00:00
seebug
seebug
Microsoft Edge: Type confusion in CssParser::RecordProperty(CVE-2017-8496)
2017-06-27 00:00:00
Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter #2(CVE-2017-8548)
2017-08-17 00:00:00
zdt
zdt
Microsoft Edge CssParser::RecordProperty Type Confusion Exploit
2017-06-26 00:00:00
Microsoft Edge - CssParser::RecordProperty Type Confusion Exploit
2017-06-28 00:00:00
Microsoft Edge Chakra Incorrect Jit Optimization Exploit
2017-08-17 00:00:00
packetstorm
packetstorm
Microsoft Edge CssParser::RecordProperty Type Confusion
2017-06-24 00:00:00
Microsoft Edge Chakra Incorrect Jit Optimization
2017-08-16 00:00:00
zdi
zdi
Microsoft Edge DOMAttrModified Type Confusion Remote Code Execution Vulnerability
2017-08-24 00:00:00
Microsoft Internet Explorer InsertRow Out-Of-Bounds Read Remote Code Execution Vulnerability
2017-06-13 00:00:00
osv
osv
CVE-2017-8529
2017-06-15 01:29:04
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 12, 2017
2017-06-16 12:00:40
talosblog
talosblog
Microsoft Patch Tuesday - June 2017
2017-06-13 13:48:00
rapid7community
rapid7community
Patch Tuesday - July 2017
2017-07-12 13:39:36
qualysblog
qualysblog
Microsoft Fixes 94 Security Issues in Massive June Update
2017-06-13 18:28:02

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.94 High

EPSS

Percentile

99.1%

JSON
Related for KLA11045
prion18cve18cvelist18nessus6veracode5openvas5mskb4thn1mscve85threatpost1symantec18checkpoint_advisories6seebug2zdt3packetstorm2zdi2osv1trendmicroblog1talosblog1rapid7community1qualysblog1