The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0889, CVE-2018-0935)

  - An elevation of privilege vulnerability exists when     Internet Explorer fails a check, allowing sandbox     escape. An attacker who successfully exploited the     vulnerability could use the sandbox escape to elevate     privileges on an affected system. This vulnerability by     itself does not allow arbitrary code execution; however,     it could allow arbitrary code to be run if the attacker     uses it in combination with another vulnerability (such     as a remote code execution vulnerability or another     elevation of privilege vulnerability) that is capable of     leveraging the elevated privileges when code execution     is attempted. The update addresses the vulnerability by     correcting how Internet Explorer handles zone and     integrity settings. (CVE-2018-0942)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0927,     CVE-2018-0932)

  - An information disclosure vulnerability exists when     Internet Explorer improperly handles objects in memory.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0929)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft browsers. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.
    (CVE-2018-0891)

Detections

Analytics

Security Updates for Internet Explorer (March 2018)

high Nessus Plugin ID 108295

Version 1.12