CVE-2016-0003
published 2016-01-13CVE-2016-0003: Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."
PriorityP260critical9.6CVSS 3.0
AVNACLPRNUIRSCCHIHAH
EPSS
39.41%
98.4th percentile
Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.09.6CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc9.6CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft Edge Memory Corruption Vulnerability
vendor_msrc·2016-01-12·CVSS 9.6
CVE-2016-0003 [CRITICAL] Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to
GHSA
GHSA-63pq-75rq-whp9: Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability
ghsa_unreviewed·2022-05-14
CVE-2016-0003 [CRITICAL] CWE-119 GHSA-63pq-75rq-whp9: Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - January 2016
blogs_talos·2016-01-12·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2016
The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, JScript/VBScript, Office, Silverlight, and Windows. The remaining three bulletins are rated important and address vulnerabilities in Exchange and several parts of Windows.
### Bulletins Rated Critical Microsoft bulletins MS16-001 through MS16-0006 are rated as critical in this month's release.
MS16-001 and MS16-002 are this month's Internet Explorer and Edge security bulletin respectively. In total, four vulnerabilities were addre
Talos
Microsoft Patch Tuesday - January 2016
blogs_talos·2016-01-12·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2016
## Microsoft Patch Tuesday - January 2016
The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, JScript/VBScript, Office, Silverlight, and Windows. The remaining three bulletins are rated important and address vulnerabilities in Exchange and several parts of Windows.
## Bulletins Rated Critical Microsoft bulletins MS16-001 through MS16-0006 are rated as critical in this month's release.
MS16-001 and MS16-002 are this month's Internet Explorer and Edge security bulletin respectively.
Zscaler
Zscaler found Multiple Security Vulnerabilities | 01-12-2016
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found Multiple Security Vulnerabilities | 01-12-2016
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Bugzilla
CVE-2017-12189 jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)
bugzilla·2017-10-09·CVSS 7.0
CVE-2017-12189 [HIGH] CVE-2017-12189 jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)
CVE-2017-12189 jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)
It was reported that the jbossas init script performed unsafe file handling, which could result in local privilege escalation.
Discussion:
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform
Via RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0003
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6
Via RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0002
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7
Via RHSA-2018:0004 https://access.
http://www.securitytracker.com/id/1034649http://www.zerodayinitiative.com/advisories/ZDI-16-019https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-002http://www.securitytracker.com/id/1034649http://www.zerodayinitiative.com/advisories/ZDI-16-019https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-002
2016-01-13
Published