CVSS: 7.6EPSS: 25%CPEs: 14EXPL: 0CVE-2016-3375 – Microsoft Windows ADO Recordset Update Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-3375
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." El mecanismo OLE Automation y el motor de secuencias de comandos VBScript en Microsoft Internet Explorer 9 hasta la versión 11, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Update method of the Recordset object implemented by Microsoft ActiveX Data Objects (ADO). By performing actions in script an attacker can cause a pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/92835 http://www.securitytracker.com/id/1036788 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-7153
https://notcve.org/view.php?id=CVE-2016-7153
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. El protocolo HTTP/2 no considera el rol de la ventana de congestión TCP cuando da información sobre longitud del contenido, lo que facilita a atacantes remotos obtener datos en texto plano aprovechando una configuración de navegador web donde son enviadas las cookies de terceros, también conocido como ataque "HEIST". • http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages http://www.securityfocus.com/bid/92773 http://www.securitytracker.com/id/1036741 http://www.securitytracker.com/id/1036742 http://www.securitytracker.com/id/1036743 http://www.securitytracker.com/id/1036744 http://www.securitytracker.com/id/1036745 http://www.securitytracker.com/id/1036746 https://tom.vg/papers/heist_blackhat2016.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-7152
https://notcve.org/view.php?id=CVE-2016-7152
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. El protocolo HTTPS no considera el rol de la ventana de congestión TCP cuando da información sobre longitud del contenido, lo que facilita a atacantes remotos obtener datos en texto plano aprovechando una configuración de navegador web donde son enviadas cookies de terceros, también conocido como ataque "HEIST". • http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages http://www.securityfocus.com/bid/92769 http://www.securitytracker.com/id/1036741 http://www.securitytracker.com/id/1036742 http://www.securitytracker.com/id/1036743 http://www.securitytracker.com/id/1036744 http://www.securitytracker.com/id/1036745 http://www.securitytracker.com/id/1036746 https://tom.vg/papers/heist_blackhat2016.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 93%CPEs: 1EXPL: 1CVE-2016-3288 – Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV
https://notcve.org/view.php?id=CVE-2016-3288
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario a través de una página web manipulada, también conocida como "Internet Explorer Memory Corruption Vulnerability", un vulnerabilidad diferente a CVE-2016-3290. • https://www.exploit-db.com/exploits/40253 http://www.securityfocus.com/bid/92321 http://www.securitytracker.com/id/1036562 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 46%CPEs: 4EXPL: 0CVE-2016-3293
https://notcve.org/view.php?id=CVE-2016-3293
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Edge permiten a atacantes remotos ejecutar código arbitrario a través de una página web manipulada, también conocida como "Microsoft Browser Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/92305 http://www.securitytracker.com/id/1036562 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •