Vulnerabilities > Microsoft > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-16 | CVE-2016-3233 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel and Office Compatibility Pack Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | 9.3 |
2016-06-16 | CVE-2016-3228 | Improper Input Validation vulnerability in Microsoft Windows Server 2008 and Windows Server 2012 Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability." | 9.0 |
2016-06-16 | CVE-2016-3227 | DNS Use After Free Remote Code Execution vulnerability in Microsoft Windows Server 2012 R2 Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability." <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> | 10.0 |
2016-06-16 | CVE-2016-3223 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability." | 9.3 |
2016-06-16 | CVE-2016-3222 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." | 9.3 |
2016-06-16 | CVE-2016-3214 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199. | 9.3 |
2016-06-16 | CVE-2016-3213 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability." | 9.3 |
2016-06-16 | CVE-2016-3211 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-0200. | 9.3 |
2016-06-16 | CVE-2016-3210 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11 The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | 9.3 |
2016-06-16 | CVE-2016-3203 | Improper Input Validation vulnerability in Microsoft products Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability." | 9.3 |