CVSS: 9.3EPSS: 93%CPEs: 3EXPL: 2CVE-2016-0063 – Microsoft Internet Explorer DOMImplementation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0063
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0067, and CVE-2016-0072. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0060, CVE-2016-0061, CVE-2016-0067 y CVE-2016-0072. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer implements the DOMImplementation object. By performing certain script actions an attacker can cause Internet Explorer to execute the incorrect function, resulting in memory corruption. • https://www.exploit-db.com/exploits/40845 http://blog.skylined.nl/20161128001.html http://www.securitytracker.com/id/1034971 http://www.zerodayinitiative.com/advisories/ZDI-16-166 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 77%CPEs: 4EXPL: 0CVE-2016-0060 – Microsoft Edge Text Node Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0060
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0061, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072. Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Microsoft Browser Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0061, CVE-2016-0063, CVE-2016-0067 y CVE-2016-0072. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge processes text nodes within document fragments. By manipulating a document's elements an attacker can cause Microsoft Edge to use a flag value as if it were a pointer to a Tree::ANode object. • http://www.securitytracker.com/id/1034971 http://www.securitytracker.com/id/1034972 http://www.zerodayinitiative.com/advisories/ZDI-16-159 http://www.zerodayinitiative.com/advisories/ZDI-16-165 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-011 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 28%CPEs: 4EXPL: 0CVE-2016-0061 – Microsoft Internet Explorer HTML form Element Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0061
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072. Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Microsoft Browser Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0060, CVE-2016-0063, CVE-2016-0067 y CVE-2016-0072. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer handles HTML form elements. By performing certain script actions, an attacker can cause Internet Explorer to read the id or name of a form element and interpret it as a pointer. • http://www.securitytracker.com/id/1034971 http://www.securitytracker.com/id/1034972 http://www.zerodayinitiative.com/advisories/ZDI-16-162 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-011 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 25%CPEs: 3EXPL: 0CVE-2016-0072 – Microsoft Internet Explorer CSVGAnimatedAngle Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0072
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0067. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2016-0060, CVE-2016-0061, CVE-2016-0063 y CVE-2016-0067. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CSVGAnimatedAngle objects. By manipulating a document's elements, an attacker can cause a CSVGAnimatedAngle object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1034971 http://www.zerodayinitiative.com/advisories/ZDI-16-157 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 79%CPEs: 8EXPL: 0CVE-2016-0002
https://notcve.org/view.php?id=CVE-2016-0002
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, también conocido como "Scripting Engine Memory Corruption Vulnerability". • http://www.securitytracker.com/id/1034648 http://www.securitytracker.com/id/1034650 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-001 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-003 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1215 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •