CVSS: 7.6EPSS: 41%CPEs: 1EXPL: 0CVE-2016-3290
https://notcve.org/view.php?id=CVE-2016-3290
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3288. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario a través de una página web manipulada, también conocida como "Internet Explorer Memory Corruption Vulnerability", un vulnerabilidad diferente a CVE-2016-3288. • http://www.securityfocus.com/bid/92322 http://www.securitytracker.com/id/1036562 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 39%CPEs: 4EXPL: 0CVE-2016-3327
https://notcve.org/view.php?id=CVE-2016-3327
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326. Microsoft Internet Explorer 9 hasta la versión 11 y Edge permiten a atacantes remotos obtener información sensible a través de una página web manipulada, también conocida como "Microsoft Browser Information Disclosure Vulnerability", una vulnerabilidad diferente a CVE-2016-3326. • http://www.securityfocus.com/bid/92284 http://www.securitytracker.com/id/1036562 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 39%CPEs: 4EXPL: 0CVE-2016-3329
https://notcve.org/view.php?id=CVE-2016-3329
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Edge permiten a atacantes remotos determinar la existencia de archivos a través de una página web manipulada, también conocida como "Internet Explorer Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/92286 http://www.securitytracker.com/id/1036562 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3321 – Internet Explorer Iframe Sandbox File Name Disclosure
https://notcve.org/view.php?id=CVE-2016-3321
Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 10 y 11 cargan diferentes archivos para intentos para abrir un archivo :// URL dependiendo de si el archivo existe, lo que permite a usuarios locales enumerar archivos a través de vectores que involucran un archivo :// URL y un sandbox iframe HTML5, también conocida como "Internet Explorer Information Disclosure Vulnerability". It was found that Internet Explorer allows the disclosure of local file names. This issue exists due to the fact that Internet Explorer behaves different for file:// URLs pointing to existing and non-existent files. When used in combination with HTML5 sandbox iframes it is possible to use this behavior to find out if a local file exists. • http://seclists.org/fulldisclosure/2016/Aug/44 http://www.securityfocus.com/archive/1/539174/100/0/threaded http://www.securityfocus.com/bid/92291 http://www.securitytracker.com/id/1036562 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095 https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html https://securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 33%CPEs: 2EXPL: 0CVE-2016-3322 – Microsoft Internet Explorer CACPCache Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3322
Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3289. Microsoft Internet Explorer 11 y Edge permiten a atacantes remotos ejecutar código arbitrario a través de una página web manipulada, también conocida como "Microsoft Browser Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3289. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer handles user text input on web pages. By manipulating a document's elements an attacker can force a CACPCache object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/92282 http://www.securitytracker.com/id/1036562 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •