Microsoft: >> Internet Explorer >> 11 Security Vulnerabilities
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.
CVSS Score
4.3
EPSS Score
0.109
Published
2017-03-17
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.
CVSS Score
4.3
EPSS Score
0.084
Published
2017-03-17
Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149.
CVSS Score
7.5
EPSS Score
0.208
Published
2017-03-17
CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
Known exploited
CVSS Score
8.1
EPSS Score
0.901
Published
2017-02-26
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
CVSS Score
5.3
EPSS Score
0.345
Published
2016-12-20
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
CVSS Score
6.1
EPSS Score
0.014
Published
2016-12-20
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVSS Score
8.8
EPSS Score
0.239
Published
2016-12-20
Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVSS Score
4.3
EPSS Score
0.414
Published
2016-12-20
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
CVSS Score
7.5
EPSS Score
0.847
Published
2016-12-20
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability."
CVSS Score
5.3
EPSS Score
0.303
Published
2016-12-20