Multiple vulnerabilities in Microsoft Internet Explorer

Published: 2019-05-15 22:19:02 | Updated: 2019-05-15
Severity High
Patch available YES
Number of vulnerabilities 7
CVE ID CVE-2019-0995
CVE-2019-0930
CVE-2019-0929
CVE-2019-0921
CVE-2019-0918
CVE-2019-0911
CVE-2019-0884
CVSSv3 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-264
CWE-125
CWE-119
CWE-451
Exploitation vector Network
Public exploit N/A
Vulnerable software Microsoft Internet Explorer
Vulnerable software versions Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Vendor URL Microsoft

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to an error within urlmon.dll when handling certain Mark of the Web queries. A remote attacker can create a specially crafted file, trick the victim to download and open it with Internet Explorer and bypass Mark of the Web warnings or restrictions for files downloaded or created in a specific way.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0995

2) Out-of-bounds read

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition due to the way Internet Explorer handles objects in memory. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger out-of-bounds read error and read contents of memory on the system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0930

3) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0929

4) Spoofing attack

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can create a specially crafted URL and spoof page content.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0921

5) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within scripting engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0918

6) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within scripting engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0911

7) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in scripting engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0884

Back to List