Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-14 CVE-2016-3366 Improper Access Control vulnerability in Microsoft Outlook
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability."
network
low complexity
microsoft CWE-284
6.5
2016-09-14 CVE-2016-3351 Unspecified vulnerability in Microsoft Edge and Internet Explorer
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
network
low complexity
microsoft
6.5
2016-09-14 CVE-2016-3302 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi access point or (2) crafted mobile-broadband device, aka "Windows Lock Screen Elevation of Privilege Vulnerability."
high complexity
microsoft CWE-264
6.3
2016-09-14 CVE-2016-3292 Improper Input Validation vulnerability in Microsoft Internet Explorer 10/11
Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
network
high complexity
microsoft CWE-20
5.0
2016-09-14 CVE-2016-0141 Information Exposure vulnerability in Microsoft Office
The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
6.5
2016-09-14 CVE-2016-0138 Information Exposure vulnerability in Microsoft Exchange Server
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
4.3
2016-09-06 CVE-2016-7153 Information Exposure vulnerability in multiple products
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
network
low complexity
microsoft google apple opera mozilla CWE-200
5.3
2016-09-06 CVE-2016-7152 Information Exposure vulnerability in multiple products
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
network
low complexity
opera apple mozilla microsoft google CWE-200
5.3
2016-08-09 CVE-2016-3329 Information Exposure vulnerability in Microsoft Edge and Internet Explorer
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
5.3
2016-08-09 CVE-2016-3327 Information Exposure vulnerability in Microsoft Edge and Internet Explorer
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326.
network
high complexity
microsoft CWE-200
5.3