SB2016081001 - Multiple vulnerabilities in Microsoft Internet Explorer and Edge

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016081001

SB2016081001 - Multiple vulnerabilities in Microsoft Internet Explorer and Edge

Published: August 10, 2016

Security Bulletin ID SB2016081001
Severity
High
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 56% Low 44%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Information Disclosure (CVE-ID: CVE-2016-3329)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists when Internet Explorer incorrectly handles web page content. A remote attacker can create a specially crafted web page, trick a victim to open that page in browser and determine presence of specific files on victim’s computer.

Successful exploitation of this vulnerability my allow an attacker to obtain potentially sensitive information.


2) System Information Disclosure (CVE-ID: CVE-2016-3327)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to out-of-bound read when handling objects in memory. A remote attacker can create a specially crafted web page, trick a victim to open that page in browser and obtain potentially sensitive information from system memory.

Successful exploitation of this vulnerability my allow an attacker to obtain potentially sensitive information to perform further attacks against vulnerable system.


3) System Information Disclosure (CVE-ID: CVE-2016-3326)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to out-of-bound read when handling objects in memory. A remote attacker can create a specially crafted web page, trick a victim to open that page in browser and obtain potentially sensitive information from system memory.

Successful exploitation of this vulnerability my allow an attacker to obtain potentially sensitive information to perform further attacks against vulnerable system.


4) Memory Corruption (CVE-ID: CVE-2016-3322)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing objects in memory. A remote attacker can create a specially crafted web page, trick a victim to open that page in browser, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.


5) Information Disclosure (CVE-ID: CVE-2016-3321)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists when Internet Explorer incorrectly handles web page content. A remote attacker can create a specially crafted web page, trick a victim to open that page in browser and determine presence of specific files on victim’s computer.

Successful exploitation of this vulnerability my allow an attacker to obtain potentially sensitive information.


6) Memory Corruption Vulnerability (CVE-ID: CVE-2016-3293)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing objects in memory. A remote attacker can create a specially crafted web page, trick a victim to visit that page, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.


7) Memory Corruption Vulnerability (CVE-ID: CVE-2016-3290)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing objects in memory. A remote attacker can create a specially crafted web page, trick a victim to visit that page, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.


8) Memory Corruption Vulnerability (CVE-ID: CVE-2016-3289)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing objects in memory. A remote attacker can create a specially crafted web page, trick a victim to visit that page, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.


9) Memory Corruption Vulnerability (CVE-ID: CVE-2016-3288)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing objects in memory. A remote attacker can create a specially crafted web page, trick a victim to visit that page, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.


Remediation

Install update from vendor's website.

References