CVE-2016-3324 – Microsoft Internet Explorer 11/10/9 - MSHTML 'PROPERTYDESC::HandleStyleComponentProperty' Out-of-Bounds Read (MS16-104)
https://notcve.org/view.php?id=CVE-2016-3324
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Memory Corruption Vulnerability". Microsoft Internet Explorer versions 9, 10, and 11 suffer from an MSHTML PROPERTYDESC::HandleStyleComponentProperty out-of-bounds read. • https://www.exploit-db.com/exploits/40748 http://www.securityfocus.com/bid/92809 http://www.securitytracker.com/id/1036788 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 •
CVE-2016-3353 – Microsoft Windows .URL File Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3353
Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka "Internet Explorer Security Feature Bypass." Microsoft Internet Explorer 9 hasta la versión 11 no maneja adecuadamente archivos .url de la zona de Internet, lo que permite a atacantes remotos eludir restricciones destinadas al acceso a través de un archivo manipulado, vulnerabilidad también conocida como "Internet Explorer Security Feature Bypass". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. An attacker can craft a malicious file with a .URL extension. If the victim opens the .URL file, the attacker can execute arbitrary code on the victim's machine under the context of the user. • http://www.securityfocus.com/bid/92827 http://www.securitytracker.com/id/1036788 http://zerodayinitiative.com/advisories/ZDI-16-506 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 • CWE-254: 7PK - Security Features •
CVE-2016-3375 – Microsoft Windows ADO Recordset Update Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-3375
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." El mecanismo OLE Automation y el motor de secuencias de comandos VBScript en Microsoft Internet Explorer 9 hasta la versión 11, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Update method of the Recordset object implemented by Microsoft ActiveX Data Objects (ADO). By performing actions in script an attacker can cause a pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/92835 http://www.securitytracker.com/id/1036788 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3288 – Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV
https://notcve.org/view.php?id=CVE-2016-3288
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario a través de una página web manipulada, también conocida como "Internet Explorer Memory Corruption Vulnerability", un vulnerabilidad diferente a CVE-2016-3290. • https://www.exploit-db.com/exploits/40253 http://www.securityfocus.com/bid/92321 http://www.securitytracker.com/id/1036562 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3293
https://notcve.org/view.php?id=CVE-2016-3293
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Edge permiten a atacantes remotos ejecutar código arbitrario a través de una página web manipulada, también conocida como "Microsoft Browser Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/92305 http://www.securitytracker.com/id/1036562 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •