CVSS: 9.3EPSS: 30%CPEs: 1EXPL: 0CVE-2016-0064
https://notcve.org/view.php?id=CVE-2016-0064
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability". • http://www.securitytracker.com/id/1034971 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 0CVE-2016-0077
https://notcve.org/view.php?id=CVE-2016-0077
Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge no analiza correctamente la gramática de respuestas HTTP, lo que permite a atacantes remotos suplantar sitios web a través de una URL manipulada, también conocida como "Microsoft Browser Spoofing Vulnerability". • http://www.securitytracker.com/id/1034971 http://www.securitytracker.com/id/1034972 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-011 • CWE-19: Data Processing Errors •
CVSS: 4.3EPSS: 16%CPEs: 3EXPL: 0CVE-2016-0059
https://notcve.org/view.php?id=CVE-2016-0059
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability." El Hyperlink Object Library en Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos obtener información sensible desde la memoria de proceso a través de una URL manipulada en un (1) mensaje e-mail o (2) documento Office, también conocida como "Internet Explorer Information Disclosure Vulnerability". • http://www.securitytracker.com/id/1034971 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 74%CPEs: 4EXPL: 0CVE-2016-0060 – Microsoft Edge Text Node Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0060
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0061, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072. Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Microsoft Browser Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0061, CVE-2016-0063, CVE-2016-0067 y CVE-2016-0072. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge processes text nodes within document fragments. By manipulating a document's elements an attacker can cause Microsoft Edge to use a flag value as if it were a pointer to a Tree::ANode object. • http://www.securitytracker.com/id/1034971 http://www.securitytracker.com/id/1034972 http://www.zerodayinitiative.com/advisories/ZDI-16-159 http://www.zerodayinitiative.com/advisories/ZDI-16-165 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-011 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 3EXPL: 2CVE-2016-0063 – Microsoft Internet Explorer DOMImplementation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0063
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0067, and CVE-2016-0072. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0060, CVE-2016-0061, CVE-2016-0067 y CVE-2016-0072. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer implements the DOMImplementation object. By performing certain script actions an attacker can cause Internet Explorer to execute the incorrect function, resulting in memory corruption. • https://www.exploit-db.com/exploits/40845 http://blog.skylined.nl/20161128001.html http://www.securitytracker.com/id/1034971 http://www.zerodayinitiative.com/advisories/ZDI-16-166 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •