Microsoft Internet Explorer Cumulative Security Update
Last Update Date:
11 Feb 2016 12:23
Release Date:
11 Feb 2016
3160
Views
RISK: High Risk
TYPE: Clients - Browsers
- DLL Loading Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. - Internet Explorer Information Disclosure Vulnerability
An information disclosure vulnerability exists in Internet Explorer when Hyperlink Object Library improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. - Multiple Internet Explorer Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. - Microsoft Browser Spoofing Vulnerability
A spoofing vulnerability exists when a Microsoft browser does not properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services. - Multiple Internet Explorer Elevation of Privilege Vulnerabilities
Multiple elevation of privilege vulnerabilities exist when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.
Impact
- Elevation of Privilege
- Remote Code Execution
- Information Disclosure
- Spoofing
System / Technologies affected
- Internet Explorer 9, 10, 11
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS16-009
Vulnerability Identifier
- CVE-2016-0041
- CVE-2016-0059
- CVE-2016-0060
- CVE-2016-0061
- CVE-2016-0062
- CVE-2016-0063
- CVE-2016-0064
- CVE-2016-0067
- CVE-2016-0068
- CVE-2016-0069
- CVE-2016-0071
- CVE-2016-0072
- CVE-2016-0077
Source
Related Link
Share with