CVSS: 7.6EPSS: 31%CPEs: 3EXPL: 0CVE-2016-0113 – Microsoft Internet Explorer CTravelEntry Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0113
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0105, CVE-2016-0107, CVE-2016-0111 y CVE-2016-0112. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer stores the user's browsing history for forward/back navigation. By manipulating a document's elements an attacker can force a CTravelEntry object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/84011 http://www.securitytracker.com/id/1035203 http://www.zerodayinitiative.com/advisories/ZDI-16-186 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2016-0068
https://notcve.org/view.php?id=CVE-2016-0068
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados, también conocido como "Internet Explorer Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-0069. • http://www.securitytracker.com/id/1034971 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2016-0069
https://notcve.org/view.php?id=CVE-2016-0069
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados, también conocido como "Internet Explorer Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-0068. • http://jvn.jp/en/jp/JVN78383854/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000028.html http://www.securityfocus.com/bid/82665 http://www.securitytracker.com/id/1034971 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 91%CPEs: 12EXPL: 1CVE-2016-0041 – Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070)
https://notcve.org/view.php?id=CVE-2016-0041
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold y 1511 e Internet Explorer 10 y 11 no manejan adecuadamente la carga DLL, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "DLL Loading Remote Code Execution Vulnerability". • https://www.exploit-db.com/exploits/41706 http://seclists.org/fulldisclosure/2016/Feb/49 http://www.securitytracker.com/id/1034971 http://www.securitytracker.com/id/1034985 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014 https://www.securify.nl/advisory/SFY20150905/nps_datastore_server_dll_side_loading_vulnerability.html https://securify.nl/advisory/SFY20150801/com__services_dll_side •
CVSS: 9.3EPSS: 30%CPEs: 3EXPL: 0CVE-2016-0067
https://notcve.org/view.php?id=CVE-2016-0067
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0072. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0060, CVE-2016-0061, CVE-2016-0063 y CVE-2016-0072. • http://www.securitytracker.com/id/1034971 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •