SB2018111309 - Multiple vulnerabilities in Microsoft Internet Explorer

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018111309

SB2018111309 - Multiple vulnerabilities in Microsoft Internet Explorer

Published: November 13, 2018

Security Bulletin ID SB2018111309
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2018-8570)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when Internet Explorer accesses objects in memory. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Memory corruption (CVE-ID: CVE-2018-8552)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a boundary error when VBScript improperly discloses the contents of its memory. A remote attacker with knowledge of the memory address of where the object was created can trigger memory corruption and access arbitrary data that can be used to conduct further attacks.


Remediation

Install update from vendor's website.

References