CVSS: 7.6EPSS: 31%CPEs: 1EXPL: 0CVE-2016-0114 – Microsoft Internet Explorer Input Range Control Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0114
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108 y CVE-2016-0109. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes HTML input elements having a type of "range". By manipulating a document's elements an attacker can force a structure in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/84012 http://www.securitytracker.com/id/1035203 http://www.zerodayinitiative.com/advisories/ZDI-16-187 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2016-0068
https://notcve.org/view.php?id=CVE-2016-0068
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados, también conocido como "Internet Explorer Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-0069. • http://www.securitytracker.com/id/1034971 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2016-0069
https://notcve.org/view.php?id=CVE-2016-0069
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados, también conocido como "Internet Explorer Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-0068. • http://jvn.jp/en/jp/JVN78383854/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000028.html http://www.securityfocus.com/bid/82665 http://www.securitytracker.com/id/1034971 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 91%CPEs: 12EXPL: 1CVE-2016-0041 – Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070)
https://notcve.org/view.php?id=CVE-2016-0041
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold y 1511 e Internet Explorer 10 y 11 no manejan adecuadamente la carga DLL, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "DLL Loading Remote Code Execution Vulnerability". • https://www.exploit-db.com/exploits/41706 http://seclists.org/fulldisclosure/2016/Feb/49 http://www.securitytracker.com/id/1034971 http://www.securitytracker.com/id/1034985 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014 https://www.securify.nl/advisory/SFY20150905/nps_datastore_server_dll_side_loading_vulnerability.html https://securify.nl/advisory/SFY20150801/com__services_dll_side •
CVSS: 9.3EPSS: 30%CPEs: 1EXPL: 0CVE-2016-0071
https://notcve.org/view.php?id=CVE-2016-0071
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Internet Explorer Memory Corruption Vulnerability". • http://www.securitytracker.com/id/1034971 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •