Microsoft Internet Explorer Type Confusion

Hello everyone, I've recently released examples on twitter of how to trigger two security vulnerabilities in Microsoft Internet Explorer. These issue were discovered last year and reported to Microsoft through ZDI. Microsoft release security updates to address these issues last Tuesday. ======...

Memory corruption

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, an...

Memory corruption

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0061, CVE-2016-0063,...

CVE-2016-0061

CVE-2016-0061 affects Microsoft Internet Explorer 9–11 and Microsoft Edge, where a crafted website can trigger memory corruption, enabling remote code execution or a denial of service. Root cause is memory corruption in the browser’s handling of web content. Public references point to Microsoft s...

MS16-011: Cumulative Security Update for Microsoft Edge (3134225)

The version of Microsoft Edge installed on the remote host is missing Cumulative Security Update 3134225. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An attacker can exploit these...

MS16-009: Cumulative Security Update for Internet Explorer (3134220)

The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3134220. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to improper validation of input when loading dynamic link library DLL files. A...