SB2017080822 - Multiple vulnerabilities in Microsoft Internet Explorer

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017080822

SB2017080822 - Multiple vulnerabilities in Microsoft Internet Explorer

Published: August 8, 2017

Security Bulletin ID SB2017080822
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 86% Low 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2017-8651)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error when handling objects in memory by Internet Explorer. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Security restrictions bypass (CVE-ID: CVE-2017-8625)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to improper validation of User Mode Code Integrity (UMCI) policies by Internet Explorer. A local attacker can run a specially crafted application to bypass Device Guard UCMI policies.

Successful exploitation of the vulnerability may result in further attacks.

3) Memory corruption (CVE-ID: CVE-2017-8641)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error when handling objects in memory by JavaScript engines. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Memory corruption (CVE-ID: CVE-2017-8635)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error when handling objects in memory by JavaScript engines. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Memory corruption (CVE-ID: CVE-2017-8636)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error when handling objects in memory by Microsoft browser JavaScript engines. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

6) Memory corruption (CVE-ID: CVE-2017-8669)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error when handling objects in memory by Microsoft browsers. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) Memory corruption (CVE-ID: CVE-2017-8653)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error when handling objects in memory by Microsoft browsers. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References