CVSS: 9.3EPSS: 87%CPEs: 6EXPL: 0CVE-2015-2390
https://notcve.org/view.php?id=CVE-2015-2390
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422. Microsoft Internet Explorer de la versión 6 a la 11 permite a atacantes remotos la ejecución de código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una página web modificada, también conocida como “Vulnerabilidad de corrupción de Memoria en Internet Explorer”, una vulnerabilidad diferente a CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, y a CVE-2015-2422. • http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 2%CPEs: 4EXPL: 0CVE-2015-2414
https://notcve.org/view.php?id=CVE-2015-2414
Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer en la versión 8 a la 11, permite a atacantes remotos obtener informacion sensible del historial de navegación a través de vectores relacionados con el almacenamiento en caché, error conocido como 'Internet Explorer Information Disclosure Vulnerability.' • http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 44%CPEs: 4EXPL: 0CVE-2015-2398
https://notcve.org/view.php?id=CVE-2015-2398
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability." Microsoft Internet Explorer de la versión 8 a la 11 permite a atacantes remotos evadir el filtro XSS a través de un atributo modificado de un elemento en un documento HTML, también conocida como “Vulnerabilidad de Evasión de Filtro XSS en Internet Explorer.” • http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 1%CPEs: 5EXPL: 0CVE-2015-2402 – Microsoft Internet Explorer EditWith Broker API Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-2402
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Desde la versión 7 a la versión 11 de Microsoft Internet Explorer se permite a atacantes remotos escalada de privilegios a través de sitios web manipulados, también conocida como 'Vulnerabilidad de Evaluación de Privilegios de Internet Explorer'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer running in either Protected Mode or Enhanced Protected Mode. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the EditWith function of the document broker. The document broker can be induced to use a file path from a registry key that is controlled by the low integrity process. • http://www.securityfocus.com/bid/75677 http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 43%CPEs: 6EXPL: 0CVE-2015-2397 – Microsoft Internet Explorer CTableSection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2397
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422. Microsoft Internet Explorer en la versión 6 a la 11, permite a atacantes remotos la ejecución de código arbitrario o causar una denegación de servicio mediante la corrupción de la memoria a través de un sitio web específicamente diseñado para este fin, error conocido como 'Internet Explorer Memory Corruption Vulnerability,' una vulnerabilidad diferente de CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, y CVE-2015-2422. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes the HTML table sections. By manipulating a document's elements an attacker can force a CTableSection object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •