CVSS: 9.3EPSS: 11%CPEs: 3EXPL: 0CVE-2016-3204
https://notcve.org/view.php?id=CVE-2016-3204
The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de Microsoft (1) JScript 5.8 y 9 y (2) VBScript 5.7 y 5.8, como se utilizan en Internet Explorer 9 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/91584 http://www.securitytracker.com/id/1036282 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 19%CPEs: 3EXPL: 0CVE-2016-3241 – Microsoft Internet Explorer CTableRowCellsCollectionCacheItem Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3241
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3240 and CVE-2016-3242. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3240 y CVE-2016-3242. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer keeps track of table rows when performing layout of HTML tables. By manipulating a document's elements, an attacker can cause Internet Explorer to read beyond the end of an array of pointers to CTableCell objects. • http://www.securityfocus.com/bid/91569 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 19%CPEs: 3EXPL: 0CVE-2016-3242 – Microsoft Internet Explorer CTableLayout AddRow Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3242
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3240 and CVE-2016-3241. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3240 y CVE-2016-3241. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer keeps track of table rows when performing layout of HTML tables. By manipulating a document's elements an attacker can cause Internet Explorer to read beyond the end of an array of pointers to CTableRow objects. • http://www.securityfocus.com/bid/91570 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 24%CPEs: 4EXPL: 0CVE-2016-3264 – Microsoft Edge CGeolocationManager Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3264
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Microsoft Browser Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge requests permission from the user to allow a website to access device location information (for example, GPS). By performing certain actions in script, an attacker can force a CGeolocationManager object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/91598 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 3EXPL: 3CVE-2016-0199 – Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)
https://notcve.org/view.php?id=CVE-2016-0199
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and CVE-2016-3211. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0200 y CVE-2016-3211. With MS16-063, Microsoft has patched CVE-2016-0199 which relates to a memory corruption bug in the garbage collector of the JavaScript engine used in Internet Explorer 11. • https://www.exploit-db.com/exploits/39994 https://github.com/LeoonZHANG/CVE-2016-0199 http://packetstormsecurity.com/files/137533/Microsoft-Internet-Explorer-11-Garbage-Collector-Attribute-Type-Confusion.html http://seclists.org/fulldisclosure/2016/Jun/44 http://www.securityfocus.com/archive/1/538706/100/0/threaded http://www.securitytracker.com/id/1036096 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://www.verisign.com/en_US/security-services/security-in • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •