Multiple vulnerabilities in Microsoft Internet Explorer

Published: 2016-10-11 00:00:00 | Updated: 2017-02-27 13:32:20
Severity High
Patch available YES
Number of vulnerabilities 11
CVSSv2 3.6 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
4.3 (AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
4.3 (AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
CVSSv3 4.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE ID CVE-2016-3298
CVE-2016-3267
CVE-2016-3331
CVE-2016-3382
CVE-2016-3383
CVE-2016-3384
CVE-2016-3385
CVE-2016-3387
CVE-2016-3388
CVE-2016-3390
CVE-2016-3391
CWE ID CWE-200
CWE-119
CWE-46
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerable software Microsoft Internet Explorer
Microsoft Edge
Vulnerable software versions Microsoft Internet Explorer 11
Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Edge -
Vendor URL Microsoft
Advisory type Public

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerablity exists due to improper handling of objects in memory by the Internet Messaging API. A remote attacker can create a specially crafted content, trick the victim into opening it, bypass security restrictions and determine the existence of arbitrary files.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-126

2) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to object memory handling error. A remote attacker can create a specially crafted content, trick the victim inro downloading it, trigger memory corruption and determine arbitrary files on the target system.

Successful exploitation of the vulnerability will result in information disclosure on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

3) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness is due to boundary error when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into downloading it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

4) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Scripting Engine when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into downloading it, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

5) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118

6) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118

7) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118

8) Privilege Escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to improper defense of private namespace by the browser. A remote attacker can create a specially crafted content, trick the victim into downloading it, gain privileged permissions to the namespace directory on the system.

Successful exploitation of the vulnerability will result in privilege escalation on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

9) Privilege Escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness is due to improper defense of private namespace by the browser. A remote attacker can create a specially crafted content, trick the victim into downloading it, gain privileged permissions to the namespace directory on the system.

Successful exploitation of the vulnerability will result in privilege escalation on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

10) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Scripting Engine when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into downloading it, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability will result in arbitrary code execution.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

11) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper storage of credential data in memory. A remote attacker can access access a memory dump and get credential information.

Successful exploitation of the vulnerability will result in personal data disclosure.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

Back to List