Description
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information or gain privileges.
Below is a complete list of vulnerabilities
- An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code;
- An improper memory objects handling at Chakra JavaScript engine can be exploited remotely via a specially designed content to execute arbitrary code;
- An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information;
- Lack of credential data storage restrictions can be exploited locally via harvesting memory dump to obtain sensitive information;
- Lack of private namespace security restrictions can be exploited remotely to gain privileges;
- An improper validation can be exploited remotely via a specially designed content to bypass security restrictions.
Original advisories
- CVE-2016-3298
- CVE-2016-3267
- CVE-2016-3392
- CVE-2016-3391
- CVE-2016-3390
- CVE-2016-3389
- CVE-2016-3388
- CVE-2016-3387
- CVE-2016-3386
- CVE-2016-3385
- CVE-2016-3384
- CVE-2016-3383
- CVE-2016-3382
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2016-3331 critical
- CVE-2016-3298 warning
- CVE-2016-3267 warning
- CVE-2016-3392 warning
- CVE-2016-3391 warning
- CVE-2016-3390 critical
- CVE-2016-3389 critical
- CVE-2016-3388 warning
- CVE-2016-3387 high
- CVE-2016-3386 critical
- CVE-2016-3385 critical
- CVE-2016-3384 critical
- CVE-2016-3383 critical
- CVE-2016-3382 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!