2016 VULNERABILITY DATABASE
CVE-2016-3218
Summary: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221.
Published: 6/15/2016 9:59:21 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 6.9 MEDIUM
CVE-2016-3216
Summary: GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."
Published: 6/15/2016 9:59:20 PM
CVSS Severity: v3 - 4.3 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-3215
Summary: Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.
Published: 6/15/2016 9:59:19 PM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-3214
Summary: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199.
Published: 6/15/2016 9:59:18 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.3 HIGH
CVE-2016-3213
Summary: The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability."
Published: 6/15/2016 9:59:17 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.3 HIGH
CVE-2016-3212
Summary: The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
Published: 6/15/2016 9:59:16 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-3211
Summary: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-0200.
Published: 6/15/2016 9:59:15 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.3 HIGH
CVE-2016-3210
Summary: The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Published: 6/15/2016 9:59:14 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.3 HIGH
CVE-2016-3207
Summary: The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206.
Published: 6/15/2016 9:59:13 PM
CVE-2016-3206
Summary: The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207.
Published: 6/15/2016 9:59:12 PM
CVE-2016-3205
Summary: The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207.
Published: 6/15/2016 9:59:11 PM
CVE-2016-3203
Summary: Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."
Published: 6/15/2016 9:59:10 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
CVE-2016-3202
Summary: The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Published: 6/15/2016 9:59:09 PM
CVE-2016-3201
Summary: Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.
Published: 6/15/2016 9:59:08 PM
CVE-2016-3199
Summary: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214.
Published: 6/15/2016 9:59:07 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.3 HIGH
CVE-2016-3198
Summary: Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
Published: 6/15/2016 9:59:06 PM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-0200
Summary: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-3211.
Published: 6/15/2016 9:59:05 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.3 HIGH
CVE-2016-0199
Summary: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and CVE-2016-3211.
Published: 6/15/2016 9:59:04 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.3 HIGH
CVE-2016-0028
Summary: Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability."
Published: 6/15/2016 9:59:03 PM
CVE-2016-0025
Summary: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Published: 6/15/2016 9:59:01 PM