CVE-2016-3211 – Microsoft Internet Explorer PerformDoDragDrop Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2016-3211
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-0200.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of the method IShdocvwBroker::PerformDoDragDrop. An attacker who has gained code execution within the Internet Explorer Protected Mode sandbox can leverage this method to place a malicious executable file in any location to which the user has write access.
• http://www.securitytracker.com/id/1036096
• http://www.zerodayinitiative.com/advisories/ZDI-16-366
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0200 – Microsoft Internet Explorer s_DestroyLinkCallback Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0200
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-3211.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer keeps track of linked web resources. By manipulating a document's elements, an attacker can cause Internet Explorer to use an array address after the array has been relocated elsewhere in memory.
• http://www.securitytracker.com/id/1036096
• http://www.zerodayinitiative.com/advisories/ZDI-16-365
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4111 – flash-plugin: multiple code execution issues fixed in APSB16-15
https://notcve.org/view.php?id=CVE-2016-4111
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
• http://rhn.redhat.com/errata/RHSA-2016-1079.html
• http://www.securityfocus.com/bid/90618
• http://www.securitytracker.com/id/1035827
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064
• https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
• https://access.redhat.com/security/cve/CVE-2016-4111
• https://bugzilla.redhat.com/show_bug.cgi?id=1335058
CVE-2016-1103 – Adobe Flash - Overflow in Processing Raw 565 Textures
https://notcve.org/view.php?id=CVE-2016-1103
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Adobe Flash suffers from an overflow vulnerability when processing raw 565 textures.
• https://www.exploit-db.com/exploits/39826
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
• http://packetstormsecurity.com/files/137054/Adobe-Flash-Raw-565-Texture-Processing-Overflow.html
• http://rhn.redhat.com/errata/RHSA-2016-1079.html
• http://www.securitytracker.com/id/1035827
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064
• https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
• https://access.redhat.com/security/cve/
CVE-2016-1098 – flash-plugin: multiple code execution issues fixed in APSB16-15
https://notcve.org/view.php?id=CVE-2016-1098
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
• http://rhn.redhat.com/errata/RHSA-2016-1079.html
• http://www.securityfocus.com/bid/90618
• http://www.securitytracker.com/id/1035827
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064
• https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
• https://access.redhat.com/security/cve/CVE-2016-1098
• https://bugzilla.redhat.com/show_bug.cgi?id=1335058