CVSS: 9.3EPSS: 27%CPEs: 3EXPL: 0CVE-2016-0072 – Microsoft Internet Explorer CSVGAnimatedAngle Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0072
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0067. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2016-0060, CVE-2016-0061, CVE-2016-0063 y CVE-2016-0067. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CSVGAnimatedAngle objects. By manipulating a document's elements, an attacker can cause a CSVGAnimatedAngle object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1034971 http://www.zerodayinitiative.com/advisories/ZDI-16-157 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 28%CPEs: 4EXPL: 0CVE-2016-0061 – Microsoft Internet Explorer HTML form Element Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0061
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072. Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Microsoft Browser Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0060, CVE-2016-0063, CVE-2016-0067 y CVE-2016-0072. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer handles HTML form elements. By performing certain script actions, an attacker can cause Internet Explorer to read the id or name of a form element and interpret it as a pointer. • http://www.securitytracker.com/id/1034971 http://www.securitytracker.com/id/1034972 http://www.zerodayinitiative.com/advisories/ZDI-16-162 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-011 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 76%CPEs: 8EXPL: 0CVE-2016-0002
https://notcve.org/view.php?id=CVE-2016-0002
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, también conocido como "Scripting Engine Memory Corruption Vulnerability". • http://www.securitytracker.com/id/1034648 http://www.securitytracker.com/id/1034650 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-001 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-003 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1215 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 94%CPEs: 3EXPL: 0CVE-2016-0005
https://notcve.org/view.php?id=CVE-2016-0005
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados, también conocido como "Internet Explorer Elevation of Privilege Vulnerability". • http://www.securitytracker.com/id/1034648 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-001 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 4%CPEs: 4EXPL: 0CVE-2015-6144
https://notcve.org/view.php?id=CVE-2015-6144
Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Browser XSS Filter Bypass Vulnerability." Microsoft Internet Explorer 8 hasta la versión 11 y Microsoft Edge no manejan correctamente atributos HTML en respuestas HTTP, lo que permite a atacantes remotos eludir el mecanismo de protección XSS a través de vectores no especificados, también conocida como 'Microsoft Browser XSS Filter Bypass Vulnerability'. • http://www.securitytracker.com/id/1034315 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •