CVSS: 5.3EPSS: 37%CPEs: 2EXPL: 0CVE-2016-0194 – Microsoft Internet Explorer Add-on Installer Enhanced Protected Mode Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0194
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 10 y 11 permite a atacantes remotos eludir permisos de archivo y obtener información sensible a través de un sitio web manipulado, también conocido como "Internet Explorer Information Disclosure Vulnerability". This vulnerability allows remote attackers to bypass the Enhanced Protected Mode sandbox of vulnerable installations of Microsoft Internet Explorer and disclose file contents. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Internet Explorer Add-on Installer component. An attacker can use this component to read the contents of any file that the current user has access to. • http://www.securityfocus.com/bid/90004 http://www.securitytracker.com/id/1035820 http://www.zerodayinitiative.com/advisories/ZDI-16-275 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 34%CPEs: 4EXPL: 0CVE-2016-0154
https://notcve.org/view.php?id=CVE-2016-0154
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como "Microsoft Browser Memory Corruption Vulnerability". • http://www.securitytracker.com/id/1035521 http://www.securitytracker.com/id/1035522 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-038 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 21%CPEs: 2EXPL: 0CVE-2016-0164
https://notcve.org/view.php?id=CVE-2016-0164
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como "Internet Explorer Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/85922 http://www.securitytracker.com/id/1035521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 6%CPEs: 13EXPL: 0CVE-2016-0162 – Microsoft Internet Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0162
Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos determinar la existencia de archivos a través código JavaScript manipulado, también conocida como "Internet Explorer Information Disclosure Vulnerability". An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer. • http://www.securityfocus.com/bid/85939 http://www.securitytracker.com/id/1035521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037 •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-0160 – Microsoft Internet Explorer 11 DLL Hijacking
https://notcve.org/view.php?id=CVE-2016-0160
Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." Microsoft Internet Explorer 11 no maneja correctamente la carga DLL, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "DLL Loading Remote Code Execution Vulnerability". Microsoft Internet Explorer 11 ships with MSHTML.DLL referencing various DLLs which are not present on a Windows 7 SP1 installation, Windows 10 is not affected, other Windows versions have not been tested. According to "MSHTML.DLL is at the heart of Internet Explorer and takes care of its HTML and Cascading Style Sheets (CSS) parsing and rendering functionality." Every application using MSHTML.DLL directly or another DLL which incorporates MSHTML.DLL (like SHELL32.dll) is prone to binary planting. • http://packetstormsecurity.com/files/136702/Microsoft-Internet-Explorer-11-DLL-Hijacking.html http://seclists.org/fulldisclosure/2016/Apr/61 http://www.securityfocus.com/archive/1/538098/100/0/threaded http://www.securitytracker.com/id/1035521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037 •