An information disclosure vulnerability exists in Microsoft Edge. The vulnerability is due to the way VBScript improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge.
Category Archives: Checkpoint
Checkpoint
Microsoft Internet Explorer Information Disclosure (MS16-084 : CVE-2016-3261; CVE-2016-3261)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling certain javascript memory objects. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer.
Microsoft Internet Explorer Memory Corruption (MS16-084: CVE-2016-3240; CVE-2016-3240)
A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would allow attackers to execute code on the target system.
Microsoft Edge Security Feature Bypass (MS16-085: CVE-2016-3244; CVE-2016-3244)
A security feature bypass exists in Microsoft Edge. The vulnerability is due to an error in the way Microsoft Edge implements Address Space Layout Randomization (ASLR). A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge.
Microsoft Internet Explorer Memory Corruption (MS16-084: CVE-2016-3241; CVE-2016-3241)
A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would allow attackers to execute code on the target system.
Internet Explorer Malformed IFRAME Buffer Overflow (MS04-040: CVE-2004-1050; CVE-2004-1050)
Internet Explorer (IE) is a popular web browser developed by Microsoft corporation. A buffer overflow vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is in the way Microsoft Internet Explorer parses certain parameters of an IFRAME tag. An attacker can exploit this vulnerability to create a denial of service condition or to execute arbitrary code in the context of the currently logged in user. Successful exploitation of this vulnerability may allow execution of arbitrary code on a vulnerable system.
Microsoft Browser Spoofing (MS16-084: CVE-2016-3274; CVE-2016-3274)
A spoofing vulnerability exists in Microsoft Internet Explorer and EDGE browsers. The vulnerability is due to improper parsing of HTTP content. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page.
Microsoft Office Remote Code Execution (MS16-088: CVE-2016-3279; CVE-2016-3279)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to improper handling of objects in memory while parsing a specially crafted Office file. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted Office file.
Shopware getTemplateName Local File Inclusion (CVE-2016-3109)
A local file inclusion vulnerability has been reported in Shopware. This vulnerability is due to insufficient input validation in the getTemplateName() method. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to information disclosure and achieve arbitrary code execution.
Symantec ZIP Decompression Memory Access Violation (CVE-2016-3646)
Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine. Successful exploitation could result in arbitrary code execution in the context of SYSTEM.