Microsoft Internet Explorer 10 Denial Of Service Execute Code Overflow Memory corruption Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Network Enabled

Discount: SecuriTeam5_SANS

Promo With Us

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner
Scanner Review
Fuzzer Review
Web Scanner Review

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,".

Credit:
The original article can be found at: http://technet.microsoft.com/en-us/security/bulletin/ms16-084

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Microsoft Internet Explorer 9
* Microsoft Internet Explorer 10
* Microsoft Internet Explorer 11

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. For more information, see the Affected Software section.
The update addresses the vulnerabilities by:
Modifying how Internet Explorer handles objects in memory
Modifying how the JScript and VBScript scripting engines handle objects in memory
Correcting how the Microsoft Browser XSS Filter validates JavaScript
Changing how certain functions in Internet Explorer handle objects in memory
Correcting how Internet Explorer parses HTML

CVE Information:
CVE-2016-3240

Disclosure Timeline:
Publish Date : 2016-07-12
Last Update Date : 2016-07-13

blog comments powered by Disqus

	Wepresent Wipg-1500 Firmware 1.0.3.7 Remote Code Execution Vulnerability
	Tcpdump Overflow Vulnerability
	Tcpdump 4.8.1 parsers Overflow Vulnerability
	Tcpdump 4.8.1 ISO CLNS Overflow Vulnerability
	Puppetlabs Mcollective-puppet-agent 1.11.0 option Execute Code Vulnerability
	Phpipam 1.2 Execute Code Cross Site Scripting Vulnerability
	Oracle Weblogic Server 10.3.6.0 takeover Remote Code Execution Vulnerability
	Oracle Universal Work Queue 12.1.1 accessible Remote Code Execution Vulnerability
	Oracle Siebel Ui Framework 16.1 update delete insert Remote Code Execution Vulnerability
	Oracle Partner Management 12.1.1 HTTP Remote Code Execution Vulnerability
	Oracle One-to-one Fulfillment 12.1.2 HTTP Remote Code Execution Vulnerability
	Oracle Mysql 5.7.16 unauthorized Remote Code Execution Vulnerability
	Oracle Marketing 12.1.1 Base Remote Code Execution Vulnerability
	Oracle JRE 1.6 web service Remote Code Execution Vulnerability
	Oracle Flexcube Universal Banking 12.2.0 Denial Of Service Vulnerability
	Oracle Flexcube Private Banking 12.0.1 CVSS Remote Code Execution Vulnerability
	Oracle Advanced Outbound Telephony 12.1.3 unauthorized Remote Code Execution Vulnerability
	Mybb Merge System 1.8.6 MyBulletinBoard Cross Site Scripting Vulnerability
	Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability
	Wireshark Overflow Vulnerability

Featured Articles

	Oracle Partner Management 12.1.1 HTTP Remote Code Execution Vulnerability
	Mp3splt 2.6.2 crafted Denial Of Service Vulnerability
	Trend Micro Smart Protection Server 3 webapps Execute Code Vulnerability
	Wordpress 4.7.1 commands Execute Code Sql Injection Vulnerability
	Oracle Istore 12.1.1 Successful Remote Code Execution Vulnerability
	Samsung Knox 1.0 Remote Code Execution Vulnerability
	Rapid7 Metasploit 4.13.0-2017012501 application Remote Code Execution Vulnerability
	Cisco IOS 15.2(2)e3 Denial Of Service Obtain Information Vulnerability
	Oracle Knowledge Management 12.1.1 critical data Remote Code Execution Vulnerability
	Siemens Sinumerik Integrate Operate Client modify Obtain Information Vulnerability
	Trend Micro Smart Protection Server 2.6 commands Execute Code Vulnerability
	Google Android 7.1.0 Mediaserver Execute Code Overflow Memory corruption Vulnerability
	Cisco Netflow Generation Appliance 1.0(2) Cross Site Scripting Vulnerability
	Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Vulnerability
	Google Android 6.0.1 context Execute Code Overflow Memory corruption Vulnerability
	Cisco Unified Communications Manager 11.5(1.12000.1) Cross Site Scripting Bypass a restriction or similar Vulnerability
	Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Memory corruption Vulnerability
	Oracle Marketing 12.2.6 Base Score Remote Code Execution Vulnerability
	Google Android 7 context Execute Code Overflow Memory corruption Vulnerability
	Cisco Webex Meeting Center Wbs28 Base Remote Code Execution Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs