Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2016-06-16 CVE-2016-3213 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-264
8.8
2016-06-16 CVE-2016-3212 Cross-site Scripting vulnerability in Microsoft Internet Explorer 10/11/9
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
network
low complexity
microsoft CWE-79
6.1
2016-06-16 CVE-2016-3211 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-0200.
network
low complexity
microsoft CWE-119
8.8
2016-06-16 CVE-2016-3210 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11
The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
8.8
2016-06-16 CVE-2016-3207 Improper Input Validation vulnerability in Microsoft Jscript and Vbscript
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206.
network
high complexity
microsoft CWE-20
7.5
2016-06-16 CVE-2016-3206 Improper Input Validation vulnerability in Microsoft Jscript and Vbscript
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207.
network
high complexity
microsoft CWE-20
7.5
2016-06-16 CVE-2016-3205 Improper Input Validation vulnerability in Microsoft Jscript and Vbscript
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207.
network
high complexity
microsoft CWE-20
7.5
2016-06-16 CVE-2016-3203 Improper Input Validation vulnerability in Microsoft products
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-20
7.8
2016-06-16 CVE-2016-3202 Improper Input Validation vulnerability in Microsoft Chakra Javascript, Jscript and Vbscript
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
network
high complexity
microsoft CWE-20
7.5
2016-06-16 CVE-2016-3201 Information Exposure vulnerability in Microsoft products
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.
network
low complexity
microsoft CWE-200
6.5