CVE-2015-1735 – Microsoft Internet Explorer hr Element Uninitialized Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1735
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, y CVE-2015-1766. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes certain operations on HTML hr elements. Internet Explorer erroneously uses a VARIANT structure in memory before it has been properly initialized. • http://www.securityfocus.com/bid/74972 http://www.securitytracker.com/id/1032521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •
CVE-2015-1754
https://notcve.org/view.php?id=CVE-2015-1754
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer.' • http://www.securityfocus.com/bid/74991 http://www.securitytracker.com/id/1032521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •
CVE-2015-1747 – Microsoft Internet Explorer DataView Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1747
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, and CVE-2015-1753. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, y CVE-2015-1753. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within jscript9.dll. When creating a DataView object with an ArrayBuffer, in conjunction with the neuter function, using the ArrayBuffer as an argument, read and write access of arbitrary memory can be achieved. • http://www.securityfocus.com/bid/74986 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-250 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •
CVE-2015-1741
https://notcve.org/view.php?id=CVE-2015-1741
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1752. Microsoft Internet Explorer 9 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1752. • http://www.securityfocus.com/bid/74982 http://www.securitytracker.com/id/1032521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •
CVE-2015-1743 – Microsoft Internet Explorer add-on Installer Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-1743
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748. Microsoft Internet Explorer 7 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la elevación de privilegios de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1748. This vulnerability allows remote attackers to escape Enhanced Protected Mode on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of the add-on installer. An attacker can bypass checks within the add-on installer with special paths and junction points to achieve medium-integrity code execution under the context of the user. • http://www.securityfocus.com/bid/74996 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-377 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •