CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6585
https://notcve.org/view.php?id=CVE-2015-6585
hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag. La biblioteca hwpapp.dll en Hangul Word Processor permite a los atacantes remotos ejecutar código arbitrario por medio de un heap spray creado, y al aprovechar una "type confusion" por medio de un archivo HWPX que contiene una etiqueta de texto para creada. • http://www.hancom.com/cs_center/csDownload.do http://www.securityfocus.com/bid/76694 https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 94%CPEs: 15EXPL: 1CVE-2017-8618 – Microsoft Internet Explorer 11.1066.14393.0 - VBScript Arithmetic Functions Type Confusion
https://notcve.org/view.php?id=CVE-2017-8618
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609. Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows versión 8.1 y Windows RT versión 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607 y 1703, y Windows Server 2016, Internet Explorer en la manera en que la reproducción de los motores de scripting de Microsoft es afectada cuando se manejan objetos en la memoria, también se conoce como "Scripting Engine Memory Corruption Vulnerability." Este ID de CVE es diferente de los CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE- 2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 y CVE-2017-8609. • https://www.exploit-db.com/exploits/42337 http://www.securityfocus.com/bid/99399 http://www.securitytracker.com/id/1038848 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8618 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 94%CPEs: 6EXPL: 1CVE-2017-8601 – Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8601
By performing actions in JavaScript an attacker can trigger a type confusion condition. • https://www.exploit-db.com/exploits/42479 http://www.securityfocus.com/bid/99420 http://www.securitytracker.com/id/1038849 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8601 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 9%CPEs: 3EXPL: 2CVE-2017-7005 – WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions
https://notcve.org/view.php?id=CVE-2017-7005
WebKit JSC suffers from a JSGlobalObject::haveABadTime type confusion vulnerability. • https://www.exploit-db.com/exploits/42188 https://github.com/Quindecim/Orbis-Exploit-5.x https://support.apple.com/HT207798 https://support.apple.com/HT207801 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 94%CPEs: 3EXPL: 1CVE-2017-8496 – Microsoft Edge DOMAttrModified Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8496
By manipulating a document's elements an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the process. Microsoft Edge suffers from a type confusion vulnerability in CssParser::RecordProperty. • https://www.exploit-db.com/exploits/42246 http://www.securityfocus.com/bid/98880 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8496 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •