Vulnerability category: Internet Explorer
Vulnerability severity:
Vulnerability information
Internet Explorer is a web browser developed by Microsoft and included in Microsoft Windows operating systems.
Microsoft has released Cumulative Security Updates for Internet Explorer which address various vulnerabilities found in Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10) and Internet Explorer 11 (IE 11). The security update is rated Moderate for Internet Explorer 9 (IE 9) and Internet Explorer 10 (IE 10) and Critical for Internet Explorer 11 (IE 11).
The Security Update addresses the vulnerabilities by fixing:
1) The update addresses the vulnerability by fixing how Microsoft browser JavaScript scripting engines handle objects in memory. (CVE-2017-8517)
2) The update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. (CVE-2017-8519)
3) The update addresses the vulnerability by fixing how Microsoft browser JavaScript scripting engines handle objects in memory. (CVE-2017-8522)
4) The update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory. (CVE-2017-8524)
5) The update addresses the vulnerability by restricting the information returned on affected Microsoft browsers. (CVE-2017-8529)
6) The update addresses the vulnerability by modifying how JavaScript scripting engines handle objects in memory. (CVE-2017-8547)
KB Articles associated with the Update:
1) 4022714
2) 4022726
3) 4021558
4) 4022715
5) 4022727
6) 4022725
7) 4022724
8) 4022719
QID Detection Logic (Authenticated):
Operating Systems: Windows XP Embedded, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
This QID checks for the file version of %windir%\System32\mshtml.dll
The following KBs are checked:
The patch version of 8.0.6001.23952 (KB4018271)
The patch version of 9.0.8112.16906 (KB4018271)
The patch version of 9.0.8112.21017 (KB4018271)
The patch version of 10.0.9200.22168 (KB4018271)
The patch version of 11.0.9600.18698 (KB4018271 or KB4019215 or KB4019264)
The patch version of 11.0.10240.17443 (KB4019474)
The patch version of 11.0.10586.962 (KB4019473)
The patch version of 11.0.14393.1356 (KB4019472)
The patch version of 11.0.15063.413 (KB4016871)
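
One way to reproduce this file-version check on a host, as an added example (not the scanner's own logic): the thresholds are the patch versions listed above. The function name `Test-MshtmlPatched` and the rule that revisions of 20000 and above on build 9.0.8112 belong to the second listed branch are assumptions.

```powershell
# Minimum patched mshtml.dll versions, copied from the list above.
$Patched = '8.0.6001.23952', '9.0.8112.16906', '9.0.8112.21017',
           '10.0.9200.22168', '11.0.9600.18698', '11.0.10240.17443',
           '11.0.10586.962', '11.0.14393.1356', '11.0.15063.413' |
           ForEach-Object { [version]$_ }

# Hypothetical helper: classifies one mshtml.dll version against the list.
function Test-MshtmlPatched {
    param([Parameter(Mandatory)][version]$FileVersion)

    # A threshold only applies to files from the same major.minor.build line.
    $branch = @($Patched | Where-Object {
        $_.Major -eq $FileVersion.Major -and
        $_.Minor -eq $FileVersion.Minor -and
        $_.Build -eq $FileVersion.Build
    } | Sort-Object)

    if ($branch.Count -eq 0) { return 'Unknown' }   # build not in the list

    # Assumption: 9.0.8112 has two entries because it ships in two servicing
    # branches; revisions >= 20000 are compared with the higher entry so an
    # old file from that branch is not passed by the lower threshold.
    $floor = $branch[0]
    if ($branch.Count -gt 1 -and $FileVersion.Revision -ge 20000) {
        $floor = $branch[-1]
    }

    if ($FileVersion -ge $floor) { 'Patched' } else { 'Vulnerable' }
}

# Constructed sample versions (not taken from a real host).
'11.0.9600.18697', '11.0.14393.1356', '9.0.8112.20500', '7.0.6000.16386' |
    ForEach-Object { '{0,-18} {1}' -f $_, (Test-MshtmlPatched $_) }

# Check the local file when run on Windows.
if ($env:windir) {
    $dll = Join-Path $env:windir 'System32\mshtml.dll'
    if (Test-Path $dll) {
        $vi = (Get-Item $dll).VersionInfo
        # Use the numeric parts; the FileVersion string may carry extra text.
        $v = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart,
                                       $vi.FileBuildPart, $vi.FilePrivatePart
        '{0,-18} {1}' -f $v, (Test-MshtmlPatched $v)
    }
}
```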
Vulnerability impact
Successful exploitation of the vulnerability allows:
1) Remote Code Execution (CVE-2017-8517, CVE-2017-8519, CVE-2017-8522, CVE-2017-8524)
2) Information Disclosure (CVE-2017-8529, CVE-2017-8547)
Solution