Microsoft Internet Explorer 10 Denial Of Service Execute Code Memory corruption Vulnerability
27 Dec. 2016
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
* Microsoft Edge
* Microsoft Internet Explorer 9
* Microsoft Internet Explorer 10
* Microsoft Internet Explorer 11
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
This security update is rated Critical for Microsoft Edge on Windows 10. For more information, see the Affected Software section.
The update addresses the vulnerabilities by:
modifying how Microsoft Edge and certain functions handle objects in memory.
correcting how Microsoft Edge handles cross-origin requests.
ensuring that Microsoft Edge properly implements the Address Space Layout Randomization (ASLR) security feature.
helping to ensure that Microsoft Edge properly validates page content.