CVSS: 6.5EPSS: 59%CPEs: 19EXPL: 0CVE-2016-3298 – Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-3298
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y el Internet Messaging API en Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permiten a atacantes remotos determinar la existencia de archivos arbitrarios a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Information Disclosure Vulnerability". An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk. • http://www.securityfocus.com/bid/93392 http://www.securitytracker.com/id/1036992 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-126 •
CVSS: 5.3EPSS: 78%CPEs: 4EXPL: 0CVE-2016-3267
https://notcve.org/view.php?id=CVE-2016-3267
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos determinar la existencia de archivos no especificados a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/93376 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 35%CPEs: 3EXPL: 0CVE-2016-3385
https://notcve.org/view.php?id=CVE-2016-3385
The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." El motor de secuencia de comandos en Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/93397 http://www.securitytracker.com/id/1036992 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 57%CPEs: 4EXPL: 0CVE-2016-3382 – Microsoft Edge JavaScript eval Function Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3382
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de secuencia de comandos en Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, como es demostrado por el motor Chakra JavaScript, una vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge and Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the JavaScript eval function. By performing actions in script an attacker can trigger a type confusion condition. • http://www.securityfocus.com/bid/93386 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 19%CPEs: 3EXPL: 0CVE-2016-3384 – Microsoft Internet Explorer s_DestroyMetaCallback Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3384
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer keeps track of linked web resources. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/93393 http://www.securitytracker.com/id/1036992 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •