Microsoft Internet Explorer Multiple Vulnerabilities


Description
Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
For more information:
SA64484 (#2)
1) An unspecified error can be exploited to bypass ASLR.
2) An error when handling scripts can be exploited to run a script with otherwise restricted elevated privileges.
3) Another error when handling scripts can be exploited to run a script with otherwise restricted elevated privileges.
4) Another error when handling scripts can be exploited to run a script with otherwise restricted elevated privileges.
5) Another error when handling scripts can be exploited to run a script with otherwise restricted elevated privileges.
6) An error related to the Windows clipboard can be exploited to disclose Windows clipboard contents.
7) An unspecified error can be exploited to corrupt memory.
8) Another unspecified error can be exploited to corrupt memory.
9) Another unspecified error can be exploited to corrupt memory.
10) Another unspecified error can be exploited to corrupt memory.
11) Another unspecified error can be exploited to corrupt memory.
12) Another unspecified error can be exploited to corrupt memory.
13) Another unspecified error can be exploited to corrupt memory.
14) A type confusion error related to CSecurityContext objects can be exploited to corrupt memory.
15) Another unspecified error can be exploited to corrupt memory.
16) Another unspecified error can be exploited to corrupt memory.
17) Another unspecified error can be exploited to corrupt memory.
18) A use-after-free error when handling CTitleElement objects can be exploited to corrupt memory.
19) Another unspecified error can be exploited to corrupt memory.
20) Another unspecified error can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities #7 through #20 allows execution of arbitrary code.
     
Vulnerable Products
Vulnerable Software:
Microsoft Internet Explorer 10.x
Microsoft Internet Explorer 11.x
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x
     
Solution
Apply update.

-- Internet Explorer 6 --
Windows Server 2003 Service Pack 2: https://www.microsoft.com/downloads/details.aspx?familyid=e9780d19-d5d1-4842-9be5-5de60a600748
Windows Server 2003 x64 Edition Service Pack 2: https://www.microsoft.com/downloads/details.aspx?familyid=e199e443-eacc-4710-8d65-1986dc389720
Windows Server 2003 with SP2 for Itanium-based Systems: https://www.microsoft.com/downloads/details.aspx?familyid=5ee1bab4-51bb-44f0-b9a8-e657c5028a18

-- Internet Explorer 7 --
Windows Server 2003 Service Pack 2: https://www.microsoft.com/downloads/details.aspx?familyid=0d4bf7c2-1e6a-4832-9ed0-d0fd4a0325ea
Windows Server 2003 x64 Edition Service Pack 2: https://www.microsoft.com/downloads/details.aspx?familyid=61baeb31-54fa-47c4-9dd4-90496ba16897
Windows Server 2003 with SP2 for Itanium-based Systems: https://www.microsoft.com/downloads/details.aspx?familyid=7eca1bed-0749-488d-9b72-790a6427993c
Windows Vista Service Pack 2: https://www.microsoft.com/downloads/details.aspx?familyid=cbc4c381-31bc-4767-91ca-74945f40df88
Windows Vista x64 Edition Service Pack 2: https://www.microsoft.com/downloads/details.aspx?familyid=a0cbeb42-6f97-44f8-a91c-27c8dc174095
Windows Server 2008 for 32-bit Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?familyid=0c30433b-dbca-469a-b63b-0990da215650
Windows Server 2008 for x64-based Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?familyid=63d11a5e-8151-424d-8b11-db39b63a0db7
Windows Server 2008 for Itanium-based Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?familyid=df00d157-6dae-465a-aee1-0364e303c6e7

-- Internet Explorer 8 --
Windows Server 2003 Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=50f814f3-47fa-49db-96b5-196770c882b6
Windows Server 2003 x64 Edition Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=9ea37147-d9e8-433f-92a5-97564a09f44b
Windows Vista Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=62e3077f-e34b-4d60-b2dd-4dfee59be669
Windows Vista x64 Edition Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=15184e17-9469-4753-92f6-e8a9f6ff5d0f
Windows Server 2008 for 32-bit Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=ac78c1aa-f644-465b-be41-7821bf101471
Windows Server 2008 for x64-based Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=b51c00f1-7aeb-480b-94ec-1be11b6889d4
Windows 7 for 32-bit Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=0b48d534-9cb1-41bf-8045-3761ea184bb3
Windows 7 for x64-based Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=1a80951d-f78f-4250-9390-5af05a66da65
Windows Server 2008 R2 for x64-based Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=7b3735b1-7f1c-479b-94f6-4eae3747d6f2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=5b2402e8-5003-4d7c-b2f6-e6a9d90fdd59

-- Internet Explorer 9 --
Windows Vista Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=2cb0ac05-2bc1-464f-bdb4-13e56173bede
Windows Vista x64 Edition Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=93d15ddb-ac6a-4ec5-8785-3f7864f3e582
Windows Server 2008 for 32-bit Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=4ccfb938-ecb9-46a5-b20c-b4a2089190d1
Windows Server 2008 for x64-based Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=60be4da9-edb2-408d-b6e4-04b62264a84f
Windows 7 for 32-bit Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=5d167df9-7c74-4a9a-a444-b00ca3b8608f
Windows 7 for x64-based Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=d9e24689-48da-429c-a827-88d7f1928848
Windows Server 2008 R2 for x64-based Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=8132af88-1035-446b-9356-3aea5c4c8a6d

-- Internet Explorer 10 --
Windows 7 for 32-bit Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=4ad23b75-75f4-483e-b401-5cb2952ff692
Windows 7 for x64-based Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=0055f441-675d-4919-8bec-d12b91839131
Windows Server 2008 R2 for x64-based Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=4ff3d26e-7285-45fb-bbaa-9577fbf9c412
Windows 8 for 32-bit Systems: https://www.microsoft.com/downloads/details.aspx?FamilyID=544bbfed-1cb3-4fd3-bd5e-c5caf5b41f6d
Windows 8 for x64-based Systems: https://www.microsoft.com/downloads/details.aspx?FamilyID=5e6338fb-3d5b-4345-b696-33094d6727cc
Windows Server 2012: https://www.microsoft.com/downloads/details.aspx?FamilyID=0da7cb29-3039-48b7-bd04-6add337b2f9d

-- Internet Explorer 11 --
Windows 7 for 32-bit Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=b569b55d-d154-430c-9f61-53619c701065
Windows 7 for x64-based Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=7b55d694-f7b7-47dd-a02d-6d32c3bee1e7
Windows Server 2008 R2 for x64-based Systems Service Pack 1: https://www.microsoft.com/downloads/details.aspx?FamilyID=b1044031-0c09-4c23-a904-c79a827e769f
Windows 8.1 for 32-bit Systems: https://www.microsoft.com/downloads/details.aspx?FamilyID=73cbd59d-2556-479e-80b8-6b6fa8ea0f43
Windows 8.1 for x64-based Systems: https://www.microsoft.com/downloads/details.aspx?FamilyID=1eae9b2a-811b-47b2-9e44-94a081b3a316
Windows Server 2012 R2: https://www.microsoft.com/downloads/details.aspx?FamilyID=afca86bb-86d6-4054-af74-24638f37a75c

Note: Security Updates for Windows RT and RT 8.1 are available via Windows Update only.
     
CVE
CVE-2015-1718
CVE-2015-1717
CVE-2015-1714
CVE-2015-1713
CVE-2015-1712
CVE-2015-1711
CVE-2015-1710
CVE-2015-1709
CVE-2015-1708
CVE-2015-1706
CVE-2015-1705
CVE-2015-1704
CVE-2015-1703
CVE-2015-1694
CVE-2015-1692
CVE-2015-1691
CVE-2015-1689
CVE-2015-1688
CVE-2015-1686
CVE-2015-1685
CVE-2015-1658
     
References
MS15-043 (KB3049563):
https://technet.microsoft.com/en-us/library/security/ms15-043.aspx
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-15-181/
http://www.zerodayinitiative.com/advisories/ZDI-15-184/
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
Web 2.0 : Detection of visual basic script embedded in web page | 5.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2015-1706) | 6.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2015-1689) | 6.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2015-1711) | 6.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2015-1691) | 6.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2015-1708) | 6.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2015-1710) | 6.0.0
Web 2.0 : Internet Explorer memory corruption vulnerability (CVE-2015-1709) | 6.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2015-05-12 

 Target Type 
Client 

 Possible exploit 
Remote