Microsoft Internet Explorer Cumulative Security Update

Last Update Date: 9 Dec 2015 13:54 Release Date: 9 Dec 2015 3660 Views

RISK: High Risk

TYPE: Clients - Browsers

Multiple Internet Explorer Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Multiple Microsoft Browser XSS Filter Bypass Vulnerabilities
Multiple XSS filter bypass vulnerabilities exist in the way that Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerabilities could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.
Scripting Engine Information Disclosure Vulnerability
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.
Scripting Engine Memory Corruption Vulnerability
A multiple remote code execution vulnerability exists in the way that the VBScript engine renders when handling objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce content types. An attacker who successfully exploited the vulnerability could run arbitrary script with elevated privileges.
Internet Explorer Information Disclosure Vulnerability
An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could provide the attacker with information to further compromise the user's system.
Microsoft Browser ASLR Bypass
A security feature bypass exists when Internet Explorer fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited it could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.
Internet Explorer XSS Filter Bypass Vulnerability
A security feature bypass vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. The vulnerability could allow an attacker to access information from one domain and inject it into another domain.