CVSS: 7.6EPSS: 15%CPEs: 1EXPL: 0CVE-2016-7243
https://notcve.org/view.php?id=CVE-2016-7243
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242. El motor de secuencia de comandos Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad distinta a CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240 y CVE-2016-7242. • http://www.securityfocus.com/bid/94047 http://www.securitytracker.com/id/1037245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 34%CPEs: 3EXPL: 0CVE-2016-7196
https://notcve.org/view.php?id=CVE-2016-7196
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 10 y 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/94051 http://www.securitytracker.com/id/1037245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 15%CPEs: 1EXPL: 0CVE-2016-7242
https://notcve.org/view.php?id=CVE-2016-7242
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243. El motor de secuencia de comandos Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad distinta a CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240 y CVE-2016-7243. • http://www.securityfocus.com/bid/94041 http://www.securitytracker.com/id/1037245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 91%CPEs: 1EXPL: 1CVE-2016-7240 – Microsoft Edge - 'eval' Type Confusion
https://notcve.org/view.php?id=CVE-2016-7240
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243. El motor de secuencia de comandos Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad distinta a CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242 y CVE-2016-7243. In Chakra, function calls can sometimes take an extra internal argument, using the flag CallFlags_ExtraArg. The global eval function makes assumptions about the type of this extra arg, and casts it to a FrameDisplay object. If eval is called from a location in code where an extra parameter is added, for example, a Proxy function trap, and the extra parameter is of a different type, this can lead to type confusion. • https://www.exploit-db.com/exploits/40773 http://www.securityfocus.com/bid/94046 http://www.securitytracker.com/id/1037245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3391
https://notcve.org/view.php?id=CVE-2016-3391
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure Vulnerability." Microsoft Internet Explorer 10 y 11 y Microsoft Edge permiten a atacantes dependientes del contexto descubrir credenciales aprovechando el acceso a un volcado de memoria, vulnerabilidad también conocida como "Microsoft Browser Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/93379 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •