CVE-2016-0005
Published 2016-01-13
Priority P4 · 30 · medium · 4.3 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 28.21% (97.9th percentile)
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_10_on_windows_server_2012 | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
| msrc | internet_explorer_9_on_windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | internet_explorer_9_on_windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_for_itanium-based_systems_service_pac | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_r2_for_itanium-based_systems_service | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_r2_for_x64-based_systems_service_pack | — | — |
| msrc | internet_explorer_9_on_windows_vista_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_vista_x64_edition_service_pack_2 | — | — |
CVSS provenance
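| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_msrc | — | 4.3 | HIGH | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |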
GHSA
ghsa_unreviewed·2022-05-14
CVE-2016-0005 [MEDIUM] CWE-20 GHSA-wpwp-47cp-xxcc: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elev
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."
Red Hat
samba: Spoofing vulnerability when domain controller is configured
vendor_redhat·2016-04-12·CVSS 4.3
CVE-2016-2111 [MEDIUM] CWE-290 samba: Spoofing vulnerability when domain controller is configured
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine.
Package: samba (Red Hat Enterprise Linux Extended Upd
Microsoft
CVE-2016-0005: Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: Yes; Exploited: No
vendor_msrc·2016-01-12·CVSS 4.3
CVE-2016-0005 [MEDIUM] CVE-2016-0005: Impact: Elevation of Privilege
No detection rules found.
Talos
Microsoft Patch Tuesday - January 2016
blogs_talos·2016-01-12·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2016
The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, JScript/VBScript, Office, Silverlight, and Windows. The remaining three bulletins are rated important and address vulnerabilities in Exchange and several parts of Windows.
### Bulletins Rated Critical
Microsoft bulletins MS16-001 through MS16-0006 are rated as critical in this month's release.
MS16-001 and MS16-002 are this month's Internet Explorer and Edge security bulletins, respectively. In total, four vulnerabilities were addre
2016-01-13
Published