CVE-2016-3206
https://notcve.org/view.php?id=CVE-2016-3206
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207. Los motores de Microsoft (1) JScript 5.8 y (2) VBScript 5.7 y 5.8, tal como se utilizan en Internet Explorer 9 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3205 y CVE-2016-3207. • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036097 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3202
https://notcve.org/view.php?id=CVE-2016-3202
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de Microsoft (1) Chakra de JavaScript, (2) JScript y (3) VBScript, tal como se utilizan en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability". • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036099 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3205
https://notcve.org/view.php?id=CVE-2016-3205
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207. Los motores de Microsoft (1) JScript 5.8 y (2) VBScript 5.7 y 5.8, tal como se utilizan en Internet Explorer 9 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3206 y CVE-2016-3207. • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036097 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3210
https://notcve.org/view.php?id=CVE-2016-3210
The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de Microsoft (1) JScript y (2) VBScript, tal como se utilizan en Internet Explorer 11, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/91106 http://www.securitytracker.com/id/1036096 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3213 – NetBIOS Response BadTunnel Brute Force Spoof (NAT Tunnel)
https://notcve.org/view.php?id=CVE-2016-3213
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability." El protocolo de implementación Web Proxy Auto Discovery (WPAD) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold y 1511 e Internet Explorer 9 hasta la versión 11 tienen un mecanismo de retorno indebido, lo que permite a atacantes remotos obtener privilegios a través de respuestas de nombres NetBIOS, también conocida como "WPAD Elevation of Privilege Vulnerability". • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077 http://xlab.tencent.com/en/2016/06/17/BadTunnel-A-New-Hope • CWE-264: Permissions, Privileges, and Access Controls •