Описание
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information or gain privileges.
Below is a complete list of vulnerabilities
- An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code;
- An improper memory objects handling at Chakra JavaScript engine can be exploited remotely via a specially designed content to execute arbitrary code;
- An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information;
- Lack of credential data storage restrictions can be exploited locally via harvesting memory dump to obtain sensitive information;
- Lack of private namespace security restrictions can be exploited remotely to gain privileges;
- An improper validation can be exploited remotely via a specially designed content to bypass security restrictions.
Первичный источник обнаружения
- CVE-2016-3331
CVE-2016-3298
CVE-2016-3267
CVE-2016-3392
CVE-2016-3391
CVE-2016-3390
CVE-2016-3389
CVE-2016-3388
CVE-2016-3387
CVE-2016-3386
CVE-2016-3385
CVE-2016-3384
CVE-2016-3383
CVE-2016-3382
Эксплуатация
Public exploits exist for this vulnerability.
Связанные продукты
Список CVE
- CVE-2016-3331 critical
- CVE-2016-3298 warning
- CVE-2016-3267 warning
- CVE-2016-3392 warning
- CVE-2016-3391 warning
- CVE-2016-3390 critical
- CVE-2016-3389 critical
- CVE-2016-3388 warning
- CVE-2016-3387 high
- CVE-2016-3386 critical
- CVE-2016-3385 critical
- CVE-2016-3384 critical
- CVE-2016-3383 critical
- CVE-2016-3382 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!