Description
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information or gain privileges.
Below is a complete list of vulnerabilities
- An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code;
- An improper memory objects handling at Chakra JavaScript engine can be exploited remotely via a specially designed content to execute arbitrary code;
- An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information;
- Lack of credential data storage restrictions can be exploited locally via harvesting memory dump to obtain sensitive information;
- Lack of private namespace security restrictions can be exploited remotely to gain privileges;
- An improper validation can be exploited remotely via a specially designed content to bypass security restrictions.
Original advisories
- CVE-2016-3298
- CVE-2016-3267
- CVE-2016-3392
- CVE-2016-3391
- CVE-2016-3390
- CVE-2016-3389
- CVE-2016-3388
- CVE-2016-3387
- CVE-2016-3386
- CVE-2016-3385
- CVE-2016-3384
- CVE-2016-3383
- CVE-2016-3382
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2016-3331 critical
- CVE-2016-3298 high
- CVE-2016-3267 high
- CVE-2016-3392 high
- CVE-2016-3391 high
- CVE-2016-3390 critical
- CVE-2016-3389 critical
- CVE-2016-3388 high
- CVE-2016-3387 critical
- CVE-2016-3386 critical
- CVE-2016-3385 critical
- CVE-2016-3384 critical
- CVE-2016-3383 critical
- CVE-2016-3382 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!