Description
Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries.
An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.
The updates address the vulnerability by correcting how Internet Explorer validates hyperlinks before loading executable libraries.
FAQ
I am running Internet Explorer 11 on Windows 7 or Windows Server 2008 R2. Why do I need to install the Security Only update and not the IE Cumulative Update?
The binary affected by this vulnerability is in the code path for Windows 7 and not for Internet Explorer 11. Customers running Internet Explorer 11 on Windows 7 or Windows Server 2008 R2 and who normally install the IE Cumulative updates should install the Windows Security Only update to be protected from this vulnerability.
Updates
Product | Article | Update |
---|---|---|
Internet Explorer 10 on Windows Server 2012 | ||
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | ||
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | ||
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | ||
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | ||
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | ||
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | ||
Internet Explorer 11 on Windows 10 for 32-bit Systems | ||
Internet Explorer 11 on Windows 10 for x64-based Systems | ||
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
6.4 Medium
CVSS3
Related vulnerabilities
A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.
EPSS
6.4 Medium
CVSS3