The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft IE

computer vulnerability alert CVE-2014-0282 CVE-2014-1762 CVE-2014-1764

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/06/2014.
Revision date: 20/12/2016.
Identifiers: 2969262, CERTFR-2014-AVI-266, CVE-2014-0282, CVE-2014-1762, CVE-2014-1764, CVE-2014-1766, CVE-2014-1769, CVE-2014-1771, CVE-2014-1772, CVE-2014-1773, CVE-2014-1774, CVE-2014-1775, CVE-2014-1777, CVE-2014-1778, CVE-2014-1779, CVE-2014-1780, CVE-2014-1781, CVE-2014-1782, CVE-2014-1783, CVE-2014-1784, CVE-2014-1785, CVE-2014-1786, CVE-2014-1788, CVE-2014-1789, CVE-2014-1790, CVE-2014-1791, CVE-2014-1792, CVE-2014-1794, CVE-2014-1795, CVE-2014-1796, CVE-2014-1797, CVE-2014-1799, CVE-2014-1800, CVE-2014-1802, CVE-2014-1803, CVE-2014-1804, CVE-2014-1805, CVE-2014-2753, CVE-2014-2754, CVE-2014-2755, CVE-2014-2756, CVE-2014-2757, CVE-2014-2758, CVE-2014-2759, CVE-2014-2760, CVE-2014-2761, CVE-2014-2763, CVE-2014-2764, CVE-2014-2765, CVE-2014-2766, CVE-2014-2767, CVE-2014-2768, CVE-2014-2769, CVE-2014-2770, CVE-2014-2771, CVE-2014-2772, CVE-2014-2773, CVE-2014-2775, CVE-2014-2776, CVE-2014-2777, CVE-2014-2782, MS14-035, VIGILANCE-VUL-14876, ZDI-14-174, ZDI-14-175, ZDI-14-176, ZDI-14-177, ZDI-14-178, ZDI-14-179, ZDI-14-180, ZDI-14-181, ZDI-14-182, ZDI-14-183, ZDI-14-184, ZDI-14-185, ZDI-14-186, ZDI-14-212, ZDI-14-213, ZDI-14-226, ZDI-14-227, ZDI-14-237, ZDI-14-259, ZDI-14-260, ZDI-14-270, ZDI-14-354, ZDI-14-357, ZDI-14-366, ZDI-14-367.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can use a TLS Certificate Renegotiation, in order to obtain sensitive information. [severity:2/4; CVE-2014-1771]

An attacker can read local files, in order to obtain sensitive information. [severity:2/4; CVE-2014-1777]

An attacker can use three vulnerabilities, in order to escalate his privileges. [severity:2/4; CVE-2014-1764, CVE-2014-1778, CVE-2014-2777]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-0282, CVE-2014-1762, CVE-2014-1766, CVE-2014-1769, CVE-2014-1772, CVE-2014-1773, CVE-2014-1774, CVE-2014-1775, CVE-2014-1779, CVE-2014-1780, CVE-2014-1781, CVE-2014-1782, CVE-2014-1783, CVE-2014-1784, CVE-2014-1785, CVE-2014-1786, CVE-2014-1788, CVE-2014-1789, CVE-2014-1790, CVE-2014-1791, CVE-2014-1792, CVE-2014-1794, CVE-2014-1795, CVE-2014-1796, CVE-2014-1797, CVE-2014-1799, CVE-2014-1800, CVE-2014-1802, CVE-2014-1803, CVE-2014-1804, CVE-2014-1805, CVE-2014-2753, CVE-2014-2754, CVE-2014-2755, CVE-2014-2756, CVE-2014-2757, CVE-2014-2758, CVE-2014-2759, CVE-2014-2760, CVE-2014-2761, CVE-2014-2763, CVE-2014-2764, CVE-2014-2765, CVE-2014-2766, CVE-2014-2767, CVE-2014-2768, CVE-2014-2769, CVE-2014-2770, CVE-2014-2771, CVE-2014-2772, CVE-2014-2773, CVE-2014-2775, CVE-2014-2776, CVE-2014-2782, ZDI-14-174, ZDI-14-175, ZDI-14-176, ZDI-14-177, ZDI-14-178, ZDI-14-179, ZDI-14-180, ZDI-14-181, ZDI-14-182, ZDI-14-183, ZDI-14-184, ZDI-14-185, ZDI-14-186, ZDI-14-212, ZDI-14-213, ZDI-14-226, ZDI-14-227, ZDI-14-237, ZDI-14-259, ZDI-14-260, ZDI-14-270, ZDI-14-354, ZDI-14-357, ZDI-14-366, ZDI-14-367]

computer vulnerability CVE-2016-7202 CVE-2016-7278 CVE-2016-7279

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 14/12/2016.
Revision date: 16/12/2016.
Identifiers: 3204059, 972, CERTFR-2016-AVI-413, CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287, MS16-144, VIGILANCE-VUL-21365.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can bypass security features via Windows Hyperlink Object Library, in order to obtain sensitive information. [severity:2/4; CVE-2016-7278]

An attacker can bypass security features via Microsoft Browser, in order to obtain sensitive information. [severity:2/4; CVE-2016-7282]

An attacker can bypass security features via Internet Explorer, in order to obtain sensitive information. [severity:2/4; CVE-2016-7284]

An attacker can generate a memory corruption via Microsoft Browser, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7279]

An attacker can generate a memory corruption via Internet Explorer, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7283]

An attacker can bypass security features via Microsoft Browser, in order to escalate his privileges. [severity:3/4; CVE-2016-7281]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7202]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 972, CVE-2016-7287]

vulnerability alert CVE-2016-7195 CVE-2016-7196 CVE-2016-7198

Internet Explorer: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 09/11/2016.
Identifiers: 3198467, 952, CERTFR-2016-AVI-372, CVE-2016-7195, CVE-2016-7196, CVE-2016-7198, CVE-2016-7199, CVE-2016-7227, CVE-2016-7239, CVE-2016-7241, MS16-142, VIGILANCE-VUL-21081.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7195]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7196]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7198]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7241]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7199]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7227]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7239]

computer vulnerability bulletin CVE-2016-7857 CVE-2016-7858 CVE-2016-7859

Adobe Flash Player: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 2016, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 08/11/2016.
Identifiers: 3202790, APSB16-37, CERTFR-2016-AVI-371, CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865, MS16-141, openSUSE-SU-2016:2774-1, openSUSE-SU-2016:2782-1, RHSA-2016:2676-01, SUSE-SU-2016:2778-1, VIGILANCE-VUL-21068, ZDI-16-595, ZDI-16-596, ZDI-16-597, ZDI-16-598, ZDI-16-599, ZDI-16-600, ZDI-16-601, ZDI-16-602, ZDI-16-603.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7860, ZDI-16-601]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7861, ZDI-16-600]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7865, ZDI-16-598]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7857, ZDI-16-596]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7858, ZDI-16-595]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7859, ZDI-16-602]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7862, ZDI-16-603]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7863, ZDI-16-599]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7864, ZDI-16-597]

vulnerability bulletin CVE-2016-7855

Adobe Flash Player: use after free

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area of Adobe Flash Player, in order to trigger a denial of service, and possibly to run code.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 26/10/2016.
Identifiers: 3201860, APSB16-36, CERTFR-2016-AVI-364, CVE-2016-7855, MS16-128, openSUSE-SU-2016:2663-1, openSUSE-SU-2016:2665-1, RHSA-2016:2119-01, SUSE-SU-2016:2662-1, VIGILANCE-VUL-20963.

Description of the vulnerability

An attacker can force the usage of a freed memory area of Adobe Flash Player, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2016-3298

Internet Explorer: information disclosure via Microsoft Internet Messaging API

Synthesis of the vulnerability

An attacker can use a vulnerability via Microsoft Internet Messaging API of Internet Explorer, in order to obtain sensitive information.
Impacted products: IE, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: 3196067, CERTFR-2016-AVI-340, CVE-2016-3298, MS16-126, VIGILANCE-VUL-20835.

Description of the vulnerability

The Internet Explorer product can use the Microsoft Internet Messaging API.

However, an attacker can bypass restrictions to detect the presence of files on the victim's system.

An attacker can therefore use a vulnerability via Microsoft Internet Messaging API of Internet Explorer, in order to obtain sensitive information.

computer vulnerability announce CVE-2016-3267 CVE-2016-3298 CVE-2016-3331

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 11.
Creation date: 12/10/2016.
Identifiers: 3192887, 878, 879, CERTFR-2016-AVI-337, CVE-2016-3267, CVE-2016-3298, CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016-3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391, MS16-118, VIGILANCE-VUL-20827, ZDI-16-532, ZDI-16-533, ZDI-16-534.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3331]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3383, ZDI-16-533]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3384, ZDI-16-534]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3382, ZDI-16-532]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3385]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3390]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3387]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3388]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3267]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3391]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3298]

computer vulnerability CVE-2016-4273 CVE-2016-4286 CVE-2016-6981

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Edge, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 12/10/2016.
Identifiers: 3194343, APSB16-32, CERTFR-2016-AVI-336, COSIG-2016-35, CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992, MS16-127, openSUSE-SU-2016:2517-1, openSUSE-SU-2016:2519-1, RHSA-2016:2057-01, SUSE-SU-2016:2512-1, VIGILANCE-VUL-20825, ZDI-16-568, ZDI-16-569.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6992]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6981]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6987, ZDI-16-569]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-4286]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4273]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6982]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6983]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6984]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6985]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6986, ZDI-16-568]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6989]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6990]

computer vulnerability bulletin CVE-2016-4182 CVE-2016-4237 CVE-2016-4238

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 30.
Creation date: 13/09/2016.
Revision dates: 23/09/2016, 30/09/2016.
Identifiers: 3188128, 857, 858, 859, 861, APSB16-29, CERTFR-2016-AVI-311, CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932, MS16-117, openSUSE-SU-2016:2308-1, openSUSE-SU-2016:2376-1, RHSA-2016:1865-01, SUSE-SU-2016:2312-1, VIGILANCE-VUL-20588, ZDI-16-515, ZDI-16-516.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4182]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4237]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4238]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4287]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4272]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4279, ZDI-16-515]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6921]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6923]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6925]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6926]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6927]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6929]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6930]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6931]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6932]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4271]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4277]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4278]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4274]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4275]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4276, ZDI-16-516]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4280]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4281]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4282]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4283]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4284]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4285]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6922]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6924]

An attacker can bypass security features via navigateToURL(), in order to obtain sensitive information. [severity:2/4]

computer vulnerability note CVE-2016-3247 CVE-2016-3291 CVE-2016-3292

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 13/09/2016.
Identifiers: 3183038, CERTFR-2016-AVI-307, CVE-2016-3247, CVE-2016-3291, CVE-2016-3292, CVE-2016-3295, CVE-2016-3297, CVE-2016-3324, CVE-2016-3325, CVE-2016-3351, CVE-2016-3353, CVE-2016-3375, MS16-104, VIGILANCE-VUL-20589, ZDI-16-506, ZDI-16-510, ZDI-16-511, ZDI-16-513.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3247, ZDI-16-513]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3295, ZDI-16-511]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3297]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3324]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-20601). [severity:4/4; CVE-2016-3375]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3292, ZDI-16-510]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3325]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3351]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3291]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3353, ZDI-16-506]