) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:microsoft:internet_explorer:11:-
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-3331 |
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Published: October 13, 2016; 10:59:14 PM -0400 |
V3.0: 7.5 HIGH V2.0: 9.3 HIGH |
| CVE-2016-3298 |
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." Published: October 13, 2016; 10:59:13 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 2.6 LOW |
| CVE-2016-3267 |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Published: October 13, 2016; 10:59:11 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-3375 |
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Published: September 14, 2016; 6:59:50 AM -0400 |
V3.0: 7.5 HIGH V2.0: 7.6 HIGH |
| CVE-2016-3353 |
Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka "Internet Explorer Security Feature Bypass." Published: September 14, 2016; 6:59:26 AM -0400 |
V3.0: 8.3 HIGH V2.0: 5.1 MEDIUM |
| CVE-2016-3351 |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Published: September 14, 2016; 6:59:24 AM -0400 |
V3.0: 3.1 LOW V2.0: 2.6 LOW |
| CVE-2016-3325 |
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Published: September 14, 2016; 6:59:15 AM -0400 |
V3.0: 3.1 LOW V2.0: 2.6 LOW |
| CVE-2016-3324 |
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Published: September 14, 2016; 6:59:14 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-3297 |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Published: September 14, 2016; 6:59:10 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-3295 |
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Published: September 14, 2016; 6:59:09 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.1 MEDIUM |
| CVE-2016-3292 |
Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Published: September 14, 2016; 6:59:06 AM -0400 |
V3.0: 5.0 MEDIUM V2.0: 5.1 MEDIUM |
| CVE-2016-3291 |
Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Published: September 14, 2016; 6:59:05 AM -0400 |
V3.0: 2.4 LOW V2.0: 2.6 LOW |
| CVE-2016-3247 |
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Published: September 14, 2016; 6:59:04 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.1 MEDIUM |
| CVE-2016-3321 |
Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability." Published: August 09, 2016; 5:59:28 PM -0400 |
V3.0: 2.5 LOW V2.0: 1.9 LOW |
| CVE-2016-3264 |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Published: July 12, 2016; 9:59:23 PM -0400 |
V3.0: 7.5 HIGH V2.0: 7.6 HIGH |
| CVE-2016-3261 |
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." Published: July 12, 2016; 9:59:22 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 2.6 LOW |
| CVE-2016-3260 |
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Published: July 12, 2016; 9:59:21 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
| CVE-2016-3259 |
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3248. Published: July 12, 2016; 9:59:20 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
| CVE-2016-3204 |
The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Published: July 12, 2016; 9:59:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
| CVE-2016-3212 |
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability." Published: June 15, 2016; 9:59:16 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |