Page 106 of 1742 results (0.006 seconds)

CVSS: 4.7EPSS: 11%CPEs: 2EXPL: 0

Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability." Las versiones 10 y 11 de Microsoft Internet Explorer permiten a atacantes remotos leer archivos locales mediante nombres de rutas manipuladas, también conocida como 'Vulnerabilidad de Revelación de informacion de Internet Explorer'. This vulnerability allows remote attackers to partially escape AppContainer limitations on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IE broker process when processing a file name for reading in the routine IShdocvwBroker::MOTWCreateFileW. Using a directory junction and a symbolic link, code running inside the EPM AppContainer can read any file that the normal user account can read, bypassing the restrictions designed into EPM. • http://www.securityfocus.com/bid/75687 http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 79%CPEs: 2EXPL: 0

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1736, CVE-2015-1737, and CVE-2015-1755. Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1736, CVE-2015-1737, y CVE-2015-1755. • http://www.securitytracker.com/id/1032521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •

CVSS: 6.9EPSS: 1%CPEs: 2EXPL: 0

Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la elevación de privilegios de Internet Explorer.' This vulnerability allows attackers to escape the Extended Protection Mode sandbox of vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the actions of the IE add-on installer. The installer can take a web page created by attacker code running in the context of the IE App Container and copy it to a location where it can be rendered as an Intranet webpage, which, by default, invokes IE as a medium-integrity process in the context of the user. • http://www.securityfocus.com/bid/74995 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-249 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 69%CPEs: 2EXPL: 0

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755. Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1731, CVE-2015-1737, y CVE-2015-1755. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes the removal of attributes from HTML elements. By manipulating a document's elements an attacker can force a CAttrArray object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/74978 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-253 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 0

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1737. Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1731, CVE-2015-1736, y CVE-2015-1737. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes HTML option elements that are placed inside datalist elements. By manipulating a document's elements an attacker can force a COptionElement object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/74992 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-254 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1204 • CWE-399: Resource Management Errors •