Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2016-12-20 CVE-2016-7291 Out-of-bounds Read vulnerability in Microsoft products
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
local
low complexity
microsoft CWE-125
7.1
2016-12-20 CVE-2016-7290 Out-of-bounds Read vulnerability in Microsoft products
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
local
low complexity
microsoft CWE-125
7.1
2016-12-20 CVE-2016-7289 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Publisher 2010
Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-12-20 CVE-2016-7288 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297.
network
high complexity
microsoft CWE-119
7.5
2016-12-20 CVE-2016-7287 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
network
high complexity
microsoft CWE-119
7.5
2016-12-20 CVE-2016-7286 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297.
network
high complexity
microsoft CWE-119
7.5
2016-12-20 CVE-2016-7284 Information Exposure vulnerability in Microsoft Internet Explorer 10/11
Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
4.3
2016-12-20 CVE-2016-7283 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
8.8
2016-12-20 CVE-2016-7282 Cross-site Scripting vulnerability in Microsoft Edge and Internet Explorer
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-79
6.1
2016-12-20 CVE-2016-7281 7PK - Security Features vulnerability in Microsoft Edge and Internet Explorer
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
network
high complexity
microsoft CWE-254
5.3