CVSS: 7.6EPSS: 19%CPEs: 3EXPL: 0CVE-2016-3241 – Microsoft Internet Explorer CTableRowCellsCollectionCacheItem Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3241
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3240 and CVE-2016-3242. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3240 y CVE-2016-3242. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer keeps track of table rows when performing layout of HTML tables. By manipulating a document's elements, an attacker can cause Internet Explorer to read beyond the end of an array of pointers to CTableCell objects. • http://www.securityfocus.com/bid/91569 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 19%CPEs: 3EXPL: 0CVE-2016-3242 – Microsoft Internet Explorer CTableLayout AddRow Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3242
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3240 and CVE-2016-3241. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3240 y CVE-2016-3241. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer keeps track of table rows when performing layout of HTML tables. By manipulating a document's elements an attacker can cause Internet Explorer to read beyond the end of an array of pointers to CTableRow objects. • http://www.securityfocus.com/bid/91570 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 24%CPEs: 4EXPL: 0CVE-2016-3264 – Microsoft Edge CGeolocationManager Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3264
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Microsoft Browser Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge requests permission from the user to allow a website to access device location information (for example, GPS). By performing certain actions in script, an attacker can force a CGeolocationManager object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/91598 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 3EXPL: 3CVE-2016-0199 – Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)
https://notcve.org/view.php?id=CVE-2016-0199
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and CVE-2016-3211. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0200 y CVE-2016-3211. With MS16-063, Microsoft has patched CVE-2016-0199 which relates to a memory corruption bug in the garbage collector of the JavaScript engine used in Internet Explorer 11. • https://www.exploit-db.com/exploits/39994 https://github.com/LeoonZHANG/CVE-2016-0199 http://packetstormsecurity.com/files/137533/Microsoft-Internet-Explorer-11-Garbage-Collector-Attribute-Type-Confusion.html http://seclists.org/fulldisclosure/2016/Jun/44 http://www.securityfocus.com/archive/1/538706/100/0/threaded http://www.securitytracker.com/id/1036096 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://www.verisign.com/en_US/security-services/security-in • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 2%CPEs: 3EXPL: 0CVE-2016-3212
https://notcve.org/view.php?id=CVE-2016-3212
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability." El XSS Filter en Microsoft Internet Explorer 9 hasta la versión 11 no identifica adecuadamente JavaScript, lo que facilita a atacantes remotos llevar a cabo ataques de secuencias de comandos de sitios cruzados (XSS) a través de un sitio web manipulado, también conocida como "Internet Explorer XSS Filter Vulnerability". • http://www.securityfocus.com/bid/91105 http://www.securitytracker.com/id/1036096 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •