Page 72 of 442 results (0.048 seconds)

CVSS: 6.9EPSS: 1%CPEs: 2EXPL: 0

CVE-2016-3292 – Microsoft Internet Explorer Add-on Installer Enhanced Protected Mode Sandbox Escape Vulnerability

https://notcve.org/view.php?id=CVE-2016-3292

Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 10 y 11 no maneja adecuadamente ajustes de integridad y de zona, lo que permite a atacantes remotos eludir un mecanismo de protección sandbox a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Elevation of Privilege Vulnerability". This vulnerability allows attackers to escape from the Enhanced Protected Mode sandbox on vulnerable installations of Microsoft Internet Explorer. ... An attacker who has gained code execution within the Internet Explorer Enhanced Protected Mode sandbox can leverage this component to place a malicious HTML file in a predictable location at medium integrity. • http://www.securityfocus.com/bid/92808 http://www.securitytracker.com/id/1036788 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 2%CPEs: 8EXPL: 0

CVE-2016-2837 – Mozilla Firefox ClearKeyDecryptor Heap Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. Desbordamiento de búfer basado en memoria dinámica en el ClearKey Content Decryption Module (CDM) en el Encrypted Media Extensions (EME) API en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 podría permitir a atacantes remotos ejecutar código arbitrario proporcionando un vídeo malformado y aprovechando un Gecko Media Plugin (GMP) sandbox bypass. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://rhn.redhat.com/errata/RHSA-2016-1551.html http://www.debian.org/security/2016/dsa-3640 http://www.mozilla.org/security/announce/2016/mfsa2016-77.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92258 http://www.securitytracker.com/id/1036508 http://www.ubuntu.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1706 – chromium-browser: sandbox escape in ppapi

https://notcve.org/view.php?id=CVE-2016-1706

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. La implementación PPAPI en Google Chrome en versiones anteriores a 52.0.2743.82 no valida el origen de los mensajes IPC para el plugin del proceso broker que debería haber llegado desde el proceso navegador, lo que permite a atacantes remotos eludir un mecanismo de protección sandbox a través de un tipo de mensaje inesperado, relacionado con broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc y render_frame_message_filter.cc. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securitytracker.com • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 23%CPEs: 3EXPL: 0

CVE-2016-3211 – Microsoft Internet Explorer PerformDoDragDrop Protected Mode Sandbox Escape Vulnerability

https://notcve.org/view.php?id=CVE-2016-3211

An attacker who has gained code execution within the Internet Explorer Protected Mode sandbox can leverage this method to place a malicious executable file in any location to which the user has write access. • http://www.securitytracker.com/id/1036096 http://www.zerodayinitiative.com/advisories/ZDI-16-366 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1797 – Apple OS X fontd Sandbox Escape Vulnerability

https://notcve.org/view.php?id=CVE-2016-1797

Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. Apple Type Services (ATS) en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes eludir las restricciones de política de sandbox destinadas a FontValidator y ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. ... Authentication is not required to exploit this vulnerability. The specific flaw exists within the sandbox policy for the fontd process. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code outside the context of the Safari sandbox. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 http://www.zerodayinitiative.com/advisories/ZDI-16-360 https://support.apple.com/HT206567 • CWE-284: Improper Access Control •