CVSS: 4.3EPSS: 46%CPEs: 2EXPL: 0CVE-2017-0033
https://notcve.org/view.php?id=CVE-2017-0033
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069. Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos suplantar contenido web a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Spoofing Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0012 y CVE-2017-0069. • http://www.securityfocus.com/bid/96087 http://www.securitytracker.com/id/1038006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0033 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 31%CPEs: 3EXPL: 0CVE-2017-0008
https://notcve.org/view.php?id=CVE-2017-0008
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059. Microsoft Internet Explorer 9 hasta la versión 11 permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, también conocido como "Internet Explorer Information Disclosure Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0009 y CVE-2017-0059. • http://www.securityfocus.com/bid/96073 http://www.securitytracker.com/id/1038008 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 96%CPEs: 2EXPL: 5CVE-2017-0037 – Microsoft Edge and Internet Explorer Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. Microsoft Internet Explorer 10 y 11 y Microsoft Edge tienen un problema de tipo de confusión en la función Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement en mshtml.dll, que permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una secuencia de token Cascading Style Sheets (CSS) manipulada y código JavaScript manipulado que opera en un elemento TH. Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement. Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. • https://www.exploit-db.com/exploits/41454 https://www.exploit-db.com/exploits/43125 https://www.exploit-db.com/exploits/42354 https://github.com/chattopadhyaykittu/CVE-2017-0037 http://www.securityfocus.com/bid/96088 http://www.securitytracker.com/id/1037905 http://www.securitytracker.com/id/1037906 https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 https://portal.msrc.microsoft.com/en-US&# • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 28%CPEs: 3EXPL: 0CVE-2016-7283
https://notcve.org/view.php?id=CVE-2016-7283
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Memory Corruption Vulnerability." • http://www.securityfocus.com/bid/94726 http://www.securitytracker.com/id/1037448 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7281
https://notcve.org/view.php?id=CVE-2016-7281
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability." La implementación Web Workers en Microsoft Internet Explorer 10 y 11 y Microsoft Edge permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados, vulnerabilidad también conocida como "Microsoft Browser Security Feature Bypass Vulnerability." • http://www.securityfocus.com/bid/94723 http://www.securitytracker.com/id/1037444 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-254: 7PK - Security Features •