Описание
Internet Explorer Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries. The vulnerability allows Internet Explorer to bypass Mark of the Web warnings or restrictions for files downloaded or created in a specific way.
In a web-based attack scenario, an attacker would need to host a malicious file that is designed to exploit the vulnerability and then convince a user to download the malicious file and then open the file in Internet Explorer.
The security update addresses the vulnerability by modifying how urlmon.dll handles Mark of the Web queries.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | ||
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | ||
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | ||
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | ||
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | ||
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | ||
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | ||
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | ||
| Internet Explorer 11 on Windows Server 2019 | ||
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
7.3 High
CVSS3
Связанные уязвимости
A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'.
A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'.
Уязвимость библиотеки urlmon.dll браузера Internet Explorer, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
7.3 High
CVSS3