SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Microsoft Internet Explorer Vendors:   Microsoft
Microsoft Internet Explorer Object Memory Handling and Validation Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1041483
SecurityTracker URL:  http://securitytracker.com/id/1041483
CVE Reference:   CVE-2018-8316, CVE-2018-8353, CVE-2018-8371, CVE-2018-8373, CVE-2018-8389   (Links to External Site)
Date:  Aug 15 2018
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9, 10, 11
Description:   Multiple vulnerabilities were reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted content that, when loaded by the target user, will exploit a hyperlink validation flaw and execute arbitrary code on the target user's system [CVE-2018-8316]. Versions 10 and 11 are affected.

A remote user can create specially crafted content that, when loaded by the target user, will trigger an object memory handling error in the scripting engine and execute arbitrary code on the target user's system [CVE-2018-8353, CVE-2018-8371, CVE-2018-8373, CVE-2018-8389].

This can also be exploited via an embedded ActiveX control marked "safe for initialization" in an application or via a Microsoft Office document that hosts the scripting rendering engine.

Anonymous (via Trend Micro's Zero Day Initiative), Simon Zuckerbraun (via Trend Micro's Zero Day Initiative), Elliot Cao of Trend Micro Security Research (via Trend Micro's Zero Day Initiative), Sudhakar Verma and Ashfaq Ansari - Project Srishti (via iDefense Labs), and Ivan Fratric of Google Project Zero reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix.

The Microsoft advisories are available at:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8316
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8371
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8373
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8389

Vendor URL:  portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8316 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC