CVSS: 6.5EPSS: 70%CPEs: 18EXPL: 1CVE-2016-3351 – Microsoft Internet Explorer and Edge Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-3351
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos obtener información sensible a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Information Disclosure Vulnerability". An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. • http://www.securityfocus.com/bid/92788 http://www.securitytracker.com/id/1036788 http://www.securitytracker.com/id/1036789 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105 https://www.brokenbrowser.com/detecting-apps-mimetype-malware •
CVSS: 7.6EPSS: 25%CPEs: 14EXPL: 0CVE-2016-3375 – Microsoft Windows ADO Recordset Update Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-3375
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." El mecanismo OLE Automation y el motor de secuencias de comandos VBScript en Microsoft Internet Explorer 9 hasta la versión 11, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Update method of the Recordset object implemented by Microsoft ActiveX Data Objects (ADO). By performing actions in script an attacker can cause a pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/92835 http://www.securitytracker.com/id/1036788 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 90%CPEs: 13EXPL: 0CVE-2016-3213 – NetBIOS Response BadTunnel Brute Force Spoof (NAT Tunnel)
https://notcve.org/view.php?id=CVE-2016-3213
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability." El protocolo de implementación Web Proxy Auto Discovery (WPAD) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold y 1511 e Internet Explorer 9 hasta la versión 11 tienen un mecanismo de retorno indebido, lo que permite a atacantes remotos obtener privilegios a través de respuestas de nombres NetBIOS, también conocida como "WPAD Elevation of Privilege Vulnerability". • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077 http://xlab.tencent.com/en/2016/06/17/BadTunnel-A-New-Hope • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 96%CPEs: 20EXPL: 2CVE-2016-0189 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2016-0189
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. Los motores Microsoft (1) JScript 5.8 y (2) VBScript 5.7 y 5.8, según se utilizan en Internet Explorer 9 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0187. The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. • https://www.exploit-db.com/exploits/40118 http://www.securityfocus.com/bid/90012 http://www.securitytracker.com/id/1035820 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-053 https://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 6%CPEs: 13EXPL: 0CVE-2016-0162 – Microsoft Internet Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0162
Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos determinar la existencia de archivos a través código JavaScript manipulado, también conocida como "Internet Explorer Information Disclosure Vulnerability". An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer. • http://www.securityfocus.com/bid/85939 http://www.securitytracker.com/id/1035521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037 •