Page 37 of 686 results (0.006 seconds)

CVSS: 6.5EPSS: 59%CPEs: 19EXPL: 0

CVE-2016-3298 – Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2016-3298

Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y el Internet Messaging API en Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permiten a atacantes remotos determinar la existencia de archivos arbitrarios a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Information Disclosure Vulnerability". An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk. • http://www.securityfocus.com/bid/93392 http://www.securitytracker.com/id/1036992 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-126 •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-3391

https://notcve.org/view.php?id=CVE-2016-3391

Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure Vulnerability." Microsoft Internet Explorer 10 y 11 y Microsoft Edge permiten a atacantes dependientes del contexto descubrir credenciales aprovechando el acceso a un volcado de memoria, vulnerabilidad también conocida como "Microsoft Browser Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/93379 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 78%CPEs: 4EXPL: 0

CVE-2016-3267

https://notcve.org/view.php?id=CVE-2016-3267

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos determinar la existencia de archivos no especificados a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/93376 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 35%CPEs: 3EXPL: 0

CVE-2016-3385

https://notcve.org/view.php?id=CVE-2016-3385

The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." El motor de secuencia de comandos en Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/93397 http://www.securitytracker.com/id/1036992 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 21%CPEs: 3EXPL: 1

CVE-2016-3387 – Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118)

https://notcve.org/view.php?id=CVE-2016-3387

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388. Microsoft Internet Explorer 10 y 11 y Microsoft Edge no restringe adecuadamente el acceso a espacios de nombres privados, lo que permite a atacantes remotos obtener privilegios a través de vectores no especificados, vulnerabilidad también conocida como "Microsoft Browser Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-3388. The isolated private namespace created by ierutils has an insecure boundary descriptor which allows any non-appcontainer sandbox process (such as chrome) or other users on the same system to gain elevated permissions on the namespace directory which could lead to elevation of privilege. • https://www.exploit-db.com/exploits/40607 http://www.securityfocus.com/bid/93381 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 • CWE-264: Permissions, Privileges, and Access Controls •