CVSS: 9.3EPSS: 27%CPEs: 1EXPL: 0CVE-2016-3214
https://notcve.org/view.php?id=CVE-2016-3214
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199. El motor Chakra de JavaScript en Microsoft Edge permite a atacantes remotos ejecutar código arbitrario o provocar un denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3199. • http://www.securitytracker.com/id/1036099 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 5%CPEs: 6EXPL: 0CVE-2016-3201
https://notcve.org/view.php?id=CVE-2016-3201
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215. Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows 10 Gold y 1511 y Microsoft Edge permiten a atacantes remotos obtener información sensible de la memoria del proceso a través de un documento PDF manipulado, también conocida como "Windows PDF Information Disclosure Vulnerability", una vulnerabilidad diferente a CVE-2016-3215. • http://www.securitytracker.com/id/1036099 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-080 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 12%CPEs: 6EXPL: 0CVE-2016-3202
https://notcve.org/view.php?id=CVE-2016-3202
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de Microsoft (1) Chakra de JavaScript, (2) JScript y (3) VBScript, tal como se utilizan en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability". • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036099 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 1EXPL: 1CVE-2016-3222 – Microsoft Edge CBaseScriptable PrivateQueryInterface Uninitialized Memory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3222
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." Microsoft Edge permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Microsoft Edge Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of CBaseScriptable::PrivateQueryInterface. By performing certain operations in script, an attacker can cause Microsoft Edge to read uninitialized data from a memory location on the stack. • https://www.exploit-db.com/exploits/40880 http://blog.skylined.nl/20161205001.html http://packetstormsecurity.com/files/140043/Microsoft-Edge-CBase-Scriptable-Private-Query-Interface-Memory-Corruption.html http://seclists.org/fulldisclosure/2016/Dec/16 http://www.securityfocus.com/bid/91094 http://www.securitytracker.com/id/1036099 http://www.zerodayinitiative.com/advisories/ZDI-16-371 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 22%CPEs: 1EXPL: 0CVE-2016-3199 – Microsoft Edge JavaScript map Method Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3199
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214. El motor Chakra de JavaScript en Microsoft Edge permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3214. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the JavaScript map method, as defined on typed arrays. By performing certain operations in script, an attacker can cause JavaScript to write outside the bounds of the array. • http://www.securitytracker.com/id/1036099 http://www.zerodayinitiative.com/advisories/ZDI-16-367 http://www.zerodayinitiative.com/advisories/ZDI-16-368 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •