Page 57 of 1742 results (0.002 seconds)

CVSS: 5.3EPSS: 10%CPEs: 3EXPL: 1

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387. Microsoft Internet Explorer 10 y 11 y Microsoft Edge no restringe adecuadamente el acceso a espacios de nombres privados, lo que permite a atacantes remotos obtener privilegios a través de vectores no especificados, vulnerabilidad también conocida como "Microsoft Browser Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-3387. The isolated private namespace created by ierutils has a insecure DACL which allows any appcontainer process to gain elevated permissions on the namespace directory which could lead to elevation of privilege. • https://www.exploit-db.com/exploits/40606 http://www.securityfocus.com/bid/93382 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.6EPSS: 15%CPEs: 2EXPL: 0

The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de secuencia de comandos en Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, como es demostrado por el motor Chakra JavaScript, una vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/93383 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 57%CPEs: 4EXPL: 0

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de secuencia de comandos en Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, como es demostrado por el motor Chakra JavaScript, una vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge and Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the JavaScript eval function. By performing actions in script an attacker can trigger a type confusion condition. • http://www.securityfocus.com/bid/93386 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 19%CPEs: 2EXPL: 0

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of table layout. By manipulating a document's elements an attacker can trigger a type confusion condition. • http://www.securityfocus.com/bid/93396 http://www.securitytracker.com/id/1036992 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 19%CPEs: 3EXPL: 0

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer keeps track of linked web resources. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/93393 http://www.securitytracker.com/id/1036992 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •