Page 65 of 1742 results (0.039 seconds)

CVSS: 7.6EPSS: 19%CPEs: 3EXPL: 0

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3240 and CVE-2016-3241. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3240 y CVE-2016-3241. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer keeps track of table rows when performing layout of HTML tables. By manipulating a document's elements an attacker can cause Internet Explorer to read beyond the end of an array of pointers to CTableRow objects. • http://www.securityfocus.com/bid/91570 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 24%CPEs: 4EXPL: 0

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Microsoft Browser Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge requests permission from the user to allow a website to access device location information (for example, GPS). By performing certain actions in script, an attacker can force a CGeolocationManager object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/91598 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 92%CPEs: 3EXPL: 3

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and CVE-2016-3211. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0200 y CVE-2016-3211. With MS16-063, Microsoft has patched CVE-2016-0199 which relates to a memory corruption bug in the garbage collector of the JavaScript engine used in Internet Explorer 11. • https://www.exploit-db.com/exploits/39994 https://github.com/LeoonZHANG/CVE-2016-0199 http://packetstormsecurity.com/files/137533/Microsoft-Internet-Explorer-11-Garbage-Collector-Attribute-Type-Confusion.html http://seclists.org/fulldisclosure/2016/Jun/44 http://www.securityfocus.com/archive/1/538706/100/0/threaded http://www.securitytracker.com/id/1036096 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://www.verisign.com/en_US/security-services/security-in • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 2%CPEs: 3EXPL: 0

The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability." El XSS Filter en Microsoft Internet Explorer 9 hasta la versión 11 no identifica adecuadamente JavaScript, lo que facilita a atacantes remotos llevar a cabo ataques de secuencias de comandos de sitios cruzados (XSS) a través de un sitio web manipulado, también conocida como "Internet Explorer XSS Filter Vulnerability". • http://www.securityfocus.com/bid/91105 http://www.securitytracker.com/id/1036096 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.6EPSS: 11%CPEs: 6EXPL: 0

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206. Los motores de Microsoft (1) JScript 5.8 y (2) VBScript 5.7 y 5.8, tal como se utilizan en Internet Explorer 9 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3205 y CVE-2016-3206. • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036097 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •