Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2016-11-10 CVE-2016-7246 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-11-10 CVE-2016-7245 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-11-10 CVE-2016-7244 Improper Access Control vulnerability in Microsoft Office 2007
Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
local
low complexity
microsoft CWE-284
5.5
2016-11-10 CVE-2016-7243 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242.
network
high complexity
microsoft CWE-119
7.5
2016-11-10 CVE-2016-7242 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243.
network
high complexity
microsoft CWE-119
7.5
2016-11-10 CVE-2016-7241 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
network
high complexity
microsoft CWE-119
7.5
2016-11-10 CVE-2016-7240 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.
network
high complexity
microsoft CWE-119
7.5
2016-11-10 CVE-2016-7239 Information Exposure vulnerability in Microsoft Edge and Internet Explorer
The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
3.1
2016-11-10 CVE-2016-7238 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka "Windows NTLM Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-11-10 CVE-2016-7237 Improper Access Control vulnerability in Microsoft products
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
network
low complexity
microsoft CWE-284
6.5