Lucene search
Ashutosh Mehra (https://twitter.com/ashutoshmehra)ZDI-16-366HistoryJun 16, 2016 - 12:00 a.m.
Microsoft Internet Explorer PerformDoDragDrop Protected Mode Sandbox Escape Vulnerability
2016-06-1600:00:00
Ashutosh Mehra (https://twitter.com/ashutoshmehra)
www.zerodayinitiative.com
25
0.232 Low
EPSS
Percentile
96.6%
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of the method IShdocvwBroker::PerformDoDragDrop. An attacker who has gained code execution within the Internet Explorer Protected Mode sandbox can leverage this method to place a malicious executable file in any location to which the user has write access. An attacker can leverage this vulnerability to execute code under the context of the user at medium integrity.
Related
mscve
mscve
Internet Explorer Memory Corruption Vulnerability
2016-06-14 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3211)
2016-06-14 00:00:00
symantec
symantec
cve
cve
prion
prion
Memory corruption
2016-06-16 01:59:00
Memory corruption
2016-06-16 01:59:00
Memory corruption
2016-06-16 01:59:00
nvd
nvd
cvelist
cvelist
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (3163649)
2016-06-15 00:00:00
mskb
mskb
MS16-063: Security update for Internet Explorer: June 14, 2016
2016-06-14 07:00:00
MS16-063: Cumulative security update for Internet Explorer: June 14, 2016
2016-06-14 00:00:00
Cumulative update for Windows 10: June 14, 2016
2016-06-16 07:00:00
nessus
nessus
MS16-063: Cumulative Security Update for Internet Explorer (3163649)
2016-06-14 00:00:00
kaspersky
kaspersky
KLA11911 Multiple vulnerabilites in Microsoft Products (ESU)
2016-06-14 00:00:00
KLA10829 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
2016-06-14 00:00:00