|CERT-In Vulnerability Note
Multiple Vulnerabilities in Microsoft Internet Explorer
Original Issue Date:November 22, 2017
Severity Rating: HIGH
- Internet Explorer versions 9,10,11
- Microsoft Edge
- Windows Server 2012
- Windows 7 for x64-based Systems Service Pack 1
- Windows 10 Version 1511 for x64-based Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1709 for 64-based Systems
- Windows RT 8.1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows 10 for 32-bit Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 8.1 for x64-based systems
- Windows 10 Version 1511 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows Server 2016
- Windows 10 for x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems
- Windows Server, version 1709 (Server Core Installation)
- Windows 8.1 for 32-bit systems
- Windows 10 Version 1709 for 32-bit Systems
- Windows Server 2012 R2
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
Multiple Vulnerabilities have been reported in the Microsoft Internet Explorer which could allow an attacker to execute arbitrary code on the targeted system.
1. Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
These vulnerabilities are exist due to improper memory operations that are performed by the affected software. An attacker who successfully exploited these vulnerabilities could use a specially crafted file to perform actions in the security context of the current user.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely.
2. Microsoft Internet Explorer Information Disclosure Vulnerability
These vulnerabilities are exist due to improper memory operations that are performed by the affected software. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.
Successful exploitation of these vulnerabilities could allow the attacker to access sensitive information on the targeted system, which could be used to compromise the system completely.
Apply appropriate software fixes as available on the vendor website.
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003