Remote code execution in Microsoft Internet Explorer

Published: 2018-01-04 12:55:54
Severity High
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2018-0762
CVE-2018-0772
CVSSv3 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-119
Exploitation vector Network
Public exploit Not available
Vulnerable software Microsoft Edge
Microsoft Internet Explorer
Vulnerable software versions Microsoft Edge -
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Vendor URL Microsoft

Security Advisory

1) Memory corruption

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing content in browser. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0773

2) Memory corruption

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing content in browser. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0773

Back to List