Microsoft Internet Explorer vulnerabilities

CVE-2017-0154 [MEDIUM] CWE-74 CVE-2017-0154: Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforc Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."

CVE-2017-0059 [MEDIUM] CVE-2017-0059: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.

CVE-2017-0012 [MEDIUM] CWE-20 CVE-2017-0012: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.

CVE-2017-0037 [HIGH] CWE-843 CVE-2017-0037: Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout:: Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that op

CVE-2016-7287 [HIGH] CWE-119 CVE-2016-7287: The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

CVE-2016-7283 [HIGH] CWE-119 CVE-2016-7283: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

CVE-2016-7279 [HIGH] CWE-119 CVE-2016-7279: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitr Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

CVE-2016-7284 [MEDIUM] CWE-200 CVE-2016-7284: Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from p Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."

CVE-2016-7282 [MEDIUM] CWE-79 CVE-2016-7282: Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft E Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

CVE-2016-7278 [MEDIUM] CWE-200 CVE-2016-7278: Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information fro Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability."

CVE-2016-7281 [MEDIUM] CWE-254 CVE-2016-7281: The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows re The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."

CVE-2016-7241 [HIGH] CWE-119 CVE-2016-7241: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code o Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

CVE-2016-7195 [HIGH] CWE-119 CVE-2016-7195: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitr Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7198.

CVE-2016-7196 [HIGH] CWE-119 CVE-2016-7196: Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

CVE-2016-7198 [HIGH] CVE-2016-7198: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitr Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7195.

CVE-2016-7227 [LOW] CWE-200 CVE-2016-7227: The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote at The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

CVE-2016-7239 [LOW] CWE-79 CVE-2016-7239: The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge all The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

CVE-2016-7199 [LOW] CWE-200 CVE-2016-7199: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Sam Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

CVE-2016-3390 [HIGH] CWE-119 CVE-2016-3390: The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka "Scripting Engine Memory Corruption Vulnerability."

CVE-2016-3382 [HIGH] CWE-119 CVE-2016-3382: The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote at The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka "Scripting Engine Memory Corruption Vulnerability."